NSA3700: BWM ingress/egress bandwidth settings in relation to ISP burstable speeds

SteveBottoms

Morning, all! Mulitple sites, 2650's and 3700's in place, BWM ingress/egress interface bnadwidth limits set to 550Mbps.

My question relates to how the Sonicwall BWM settings (see above) on a given firewall is affected by ISP-provisioned circuits that permit burstable speeds above the setting we have. For example, we have several different ISPs with fiber speeds of "500Mbps" (for example), but the circuit is provisioned to permit burstable speeds of well over 1Gbps.

In the above example, if my ingress bandwidth on the Sonicwalls are set for 550Mbps, is that blocking any burstable capability from the ISP? I'm guess is DOES block the higher speeds, but should my ingress/egress be set for the burstable limit available on that circuit/interface? Does this have any normal operational drawbacks with this settings? We are NOT configured for SD-WAN on these installations.

Your guidance is appreciated!

Steve

Arkwright

AFAIK the speed setting on an interface is not a limit, it's just telling the firewall how much bandwidth is available. If you want to set limits then you create access rules referring to bandwidth objects - those are what have the limits.

So if you want to limit offsite backups to 100Mbps then create a bandwidth object with a maximum of 100M and a priority lower than "medium", apply that object to a rule that matches that traffic. All traffic is Medium unless otherwise classified. This means that all other traffic will be unlimited and can use whatever bandwidth is available, but backups cannot exceed 100Mbps.

I don't think SonicOS BWM is sophisticated enough to handle the concept of "burstable".

SteveBottoms

Additional: with the above question, is it better to have BWM enabled with limits set, or disabled on burstable circuits? Thanks!