Using Bandwidth Optimizer to manage bandwidth

When you create a category or protocol filter, you can elect to limit access to a category or protocol based on bandwidth usage.

  • Block access to categories or protocols based on total network bandwidth usage.
  • Block access to categories based on total bandwidth usage by HTTP traffic.
  • Block access to a specific protocol based on bandwidth usage by that protocol.
    Note: The hybrid service does not enforce bandwidth-based restrictions.

For example:

  • Block the AOL Instant Messaging protocol if total network bandwidth usage exceeds 50% of available bandwidth, or if current bandwidth usage for AIM exceeds 10% of the total network bandwidth.
  • Block the Sports category when total network bandwidth usage reaches 75%, or when bandwidth usage by all HTTP traffic reaches 60% of available network bandwidth.

Protocol bandwidth usage includes traffic over all ports, IP addresses, or signatures defined for the protocol. This means that if a protocol or Internet application uses multiple ports for data transfer, traffic across all of the ports included in the protocol definition are counted toward that protocol’s bandwidth usage total. If an Internet application uses a port not included in the protocol definition, however, traffic over that port is not included in bandwidth usage measurements.

Web protection software records bandwidth used by filtered TCP- and UDP-based protocols.

Forcepoint Security Labs updates web protection protocol definitions regularly to ensure bandwidth measurement accuracy.

When installed, Network Agent sends network bandwidth data to Filtering Service at a predetermined interval. This ensures that web protection software accurately monitors bandwidth usage, and receives measurements that are closest to an average.

In all Forcepoint Web Security deployments, Content Gateway collects bandwidth data for FTP, HTTP, and, when enabled, the individual protocols that tunnel over HTTP (see Configuring tunneled protocol detection). Measurement and reporting parallel that used by Network Agent. You can specify that this data be used to determine bandwidth-based policy enforcement for protocols in the Bandwidth Optimizer settings.

  1. In the Forcepoint Security Manager, go to the Web > Settings > General > Filtering page.
  2. Select the Bandwidth Monitoring check box.
  3. When you are finished, click OK to cache your change. Changes are not implemented until you click Save and Deploy.

When bandwidth options are active, enforcement starts 10 minutes after initial configuration, and 10 minutes after each Policy Server restart. This delay ensures accurate measurement of bandwidth data.

When a request is blocked based on bandwidth limitations, the block page displays this information in the Reason field. For more information, see Block Page Management.