P2P applications are bandwidth-intensive. Controlling the bandwidth of P2P applications is important on an enterprise network.
Configure the USG5500 as follows:
Step 1 Set the IP addresses of the interfaces, define routing policies, and add routes to the routing table.
ip address 10.1.1.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/2
nat-policy interzone trust untrust outbound
policy source 10.1.1.0 mask 24
Step 2 Configure a P2P policy.
ip address-set p2padd type object
address 0 range 10.1.1.1
acl number 3004
rule 0 permit ip source address-set p2padd
rule 5 permit ip destination address-set p2padd
cir 10000 index 1 time-range
cir 20000 index 2 time-range
Step 3 Apply the P2P policy on the trust zone.
firewall interzone trust untrust
p2p-car 3004 class 1 inbound
p2p-car 3004 class 1 outbound
Networking in lab environment:
As shown in the following figure, the private network is 10.1.1.0, and the public network is represented by network 192.168.1.0. The bandwidth for the P2P traffic between the two networks must be limited to 10 Mbit/s.
On an enterprise network, P2P traffic can also be controlled by using a time-range ACL as follows:
Step 1 Set a time range as follows:
time-range day 12:00 to 18:00 daily
Step 2 Assign class 1 to P2P traffic.
cir 10000 index 1 time-range day
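An offline consistency check for a configuration like the one above, added here as an example (not Huawei's or this page's own code): it reports address-sets, time-ranges and ACLs that are referenced but never defined, and a p2p-car ACL applied in only one direction. The function name lint_p2p_config and the sample text are assumptions, constructed from the page's commands with three defects planted.

```python
import re

# Constructed sample built from the page's commands, with three defects planted:
# a misspelled address-set, a cir line with no time-range name, a wrong ACL number.
SAMPLE = """\
time-range day 12:00 to 18:00 daily
ip address-set p2padd type object
acl number 3004
rule 0 permit ip source address-set p2padd
rule 5 permit ip destination address-set p2pad
cir 10000 index 1 time-range day
cir 20000 index 2 time-range
firewall interzone trust untrust
p2p-car 3004 class 1 inbound
p2p-car 3005 class 1 outbound
"""

def lint_p2p_config(text):
    """Return findings for dangling references in a P2P rate-limit config."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    def defined(pattern):
        # Names introduced by definition lines that match the pattern.
        return {m.group(1) for ln in lines if (m := re.match(pattern, ln))}
    time_ranges = defined(r"time-range (\S+) \d")
    addr_sets = defined(r"ip address-set (\S+)")
    acls = defined(r"acl number (\d+)")
    findings, directions = [], {}
    for ln in lines:
        if m := re.match(r"rule \d+ .*address-set (\S+)", ln):
            if m.group(1) not in addr_sets:
                findings.append(f"undefined address-set: {m.group(1)}")
        elif m := re.match(r"cir \d+ index (\d+) time-range(?: (\S+))?$", ln):
            if m.group(2) is None:
                findings.append(f"cir index {m.group(1)}: time-range has no name")
            elif m.group(2) not in time_ranges:
                findings.append(f"undefined time-range: {m.group(2)}")
        elif m := re.match(r"p2p-car (\d+) class \d+ (inbound|outbound)$", ln):
            if m.group(1) not in acls:
                findings.append(f"p2p-car uses undefined acl: {m.group(1)}")
            directions.setdefault(m.group(1), set()).add(m.group(2))
    # The page applies the limit in both directions; flag one-way application.
    for acl, dirs in sorted(directions.items()):
        if dirs != {"inbound", "outbound"}:
            findings.append(f"acl {acl} limited only {'/'.join(sorted(dirs))}")
    return findings

if __name__ == "__main__":
    for finding in lint_p2p_config(SAMPLE):
        print(finding)
```

Run it against a saved copy of the configuration text before applying changes; an empty result means every reference in the checked commands resolves.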