Network Scenarios For Traffic Management - McAfee M-1250 - Network Security Platform Configuration Manual

IPS configuration guide version 5.1

McAfee® Network Security Platform 5.1
The IPS Sensor_Name node
monitoring port(s) of each Sensor in a failover pair exceeds the configured bandwidth,
each Sensor must see the configured traffic on its monitoring port(s) for rate limiting to
occur. This is independent of the traffic that the peer Sensor might be monitoring.

Network scenarios for Traffic Management

Network Scenario for Rate Limiting HTTP traffic
Consider a network scenario where your internal network is connected to the Internet, and
Network Security Platform is deployed as shown in the diagram below.
Figure 202: Scenario For Network Security Platform Rate Limiting
Suppose you want to rate limit HTTP traffic from the Internet to your internal network
to a specified bandwidth. Your internal network contains some critical servers, and
access to them from the Internet should be limited. So you want to give less bandwidth to
the request traffic coming from the Internet to the internal network, and a higher
bandwidth to the response traffic going from your internal network to the Internet.
As shown in the diagram, port 1B of the Sensor carries the request traffic from the Internet
to your internal network. So port 1B of the Sensor is configured to rate limit HTTP
traffic to a bandwidth of, say, 1024 Kbps.
The response traffic from the internal network goes out to the Internet through port 1A.
Because you want to allocate more bandwidth to the response traffic from your internal
network, you can configure a rate limiting rule on port 1A of the Sensor, say to a
bandwidth of 5120 Kbps.
When the HTTP request traffic passing through port 1B exceeds the configured rate limit of
1024 Kbps, the Sensor rate limits the traffic by dropping the excess data packets. Only the
configured traffic bandwidth value of 1024 Kbps is allowed to pass through port 1B to the
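
The two per-port limits from this scenario, modeled in an added example that is not part of the manual and not McAfee's implementation: each port is treated as a token bucket (an assumed policing model) that drops packets in excess of its configured rate. The class and function names, the 16,000-byte burst allowance, the 1 Kbps = 1000 bits/s conversion and the 4096 Kbps offered load are assumptions or constructed inputs.

```python
from dataclasses import dataclass

@dataclass
class PortRateLimiter:
    """Token bucket for one Sensor port. Assumed model, not McAfee's algorithm."""
    rate_kbps: int               # configured limit from the scenario
    burst_bytes: int = 16_000    # assumed burst allowance, not from the manual
    tokens: float = 0.0
    last_ts: float = 0.0
    passed_bytes: int = 0
    dropped_bytes: int = 0

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # bucket starts full

    def offer(self, ts: float, size: int) -> bool:
        """Return True if the packet passes, False if it is dropped as excess."""
        # Refill at the configured rate (assuming 1 Kbps = 1000 bits/s).
        refill = (ts - self.last_ts) * self.rate_kbps * 1000 / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last_ts = ts
        if size <= self.tokens:
            self.tokens -= size
            self.passed_bytes += size
            return True
        self.dropped_bytes += size
        return False

def simulate(limiter, offered_kbps, seconds=10, pkt_size=1000):
    """Offer constructed constant-rate traffic; return the passed rate in Kbps."""
    interval = pkt_size * 8 / (offered_kbps * 1000)  # seconds between packets
    for i in range(1, int(seconds / interval) + 1):
        limiter.offer(i * interval, pkt_size)
    return limiter.passed_bytes * 8 / 1000 / seconds

def run_scenario(offered_kbps=4096):
    """Same constructed load in both directions, limits as in the scenario."""
    ports = {"1B": PortRateLimiter(1024), "1A": PortRateLimiter(5120)}
    return {name: (simulate(p, offered_kbps), p.dropped_bytes)
            for name, p in ports.items()}

if __name__ == "__main__":
    for port, (kbps, dropped) in run_scenario().items():
        print(f"port {port}: passed {kbps:.0f} Kbps, dropped {dropped} bytes")
```

With the same offered load on both ports, port 1B passes roughly its 1024 Kbps limit plus the initial burst and drops the rest, while port 1A passes everything because the load is below 5120 Kbps.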