Bandwidth sharing among security zones on the USG6000 series

How bandwidth is shared among security zones?
The USG6000 series can implement bandwidth sharing by using two methods. Assume that the demilitarized zone (DMZ) and trust zone need to share 20 Mbit/s of uplink bandwidth.
Method 1:
Configure a traffic profile and set the reference mode to exclusive.
[sysname] traffic-policy
[sysname-policy-traffic] profile up_20m
[sysname-policy-traffic-profile-up_20m] bandwidth reference-mode per-rule
[sysname-policy-traffic-profile-up_20m] bandwidth maximum-bandwidth whole upstream 20000
Reference the configured traffic profile in a traffic policy.
[sysname-policy-traffic] rule name 1
[sysname-policy-traffic-rule-1]source-zone dmz trust
[sysname-policy-traffic-rule-1]destination-zone untrust
[sysname-policy-traffic-rule-1]action qos profile up_20

Method 2:
Configure a traffic profile and set the reference mode to shared.
[sysname] traffic-policy
[sysname-policy-traffic] profile up_20m
[sysname-policy-traffic-profile-up_20m] bandwidth reference-mode rule-shared
[sysname-policy-traffic-profile-up_20m] bandwidth maximum-bandwidth whole upstream 20000
Configure two traffic policies and enable both policies to reference the configured traffic profile.
[sysname-policy-traffic] rule name 1
[sysname-policy-traffic-rule-1]source-zone dmz
[sysname-policy-traffic-rule-1]destination-zone untrust
[sysname-policy-traffic-rule-1]action qos profile up_20
[sysname-policy-traffic-rule-1]quit
[sysname-policy-traffic] rule name 2
[sysname-policy-traffic-rule-1]source-zone trust
[sysname-policy-traffic-rule-1]destination-zone untrust
[sysname-policy-traffic-rule-1]action qos profile up_20

Scroll to top