A Detailed Example

From SieveFirewall


In this scenario we have a file server used by several departments that also serves as a WSUS update server. The file server is at a remote location that is connected to the main campus by a 1.544 Mbps T1 line. We want to allow local clients to access the server without too much limitation, but we need to protect the T1 line, which is used for other applications as well.



Our server on the 192.168.5.0 network is connected with a gigabit network interface, so we'll define the maximum throughput on the System tab as 1000 Mbps. We know we'll have three zones: one for local machines, one for corporate machines in 192.168.19.0, and one for the internet. We need to ensure that the T1 line is not flooded by either the internet traffic or the corporate traffic. Our zone and pipe information will look something like this:


Zones

Zone        Address/Subnet     Pipe
Local       192.168.5.0/24     Local
Corporate   192.168.19.0/24    Remote
Net         PREDEFINED         Remote

Pipes       Down Min     Down Max     Up Min       Up Max       Priority
                         1000 mbit                 1000 mbit
Local       1000 kbit    1000 mbit    1000 kbit    1000 mbit    0
Remote      100 kbit     500 kbit     100 kbit     500 kbit     1

To accomplish this, we first go to the System tab in Sieve and set up the maximum throughput.

Next we set up the pipes: first the Local pipe, then the Remote pipe.

Now we set up our zones: first the local zone, then the remote zone.


What about the Internet traffic? Notice that when we set up the Remote pipe, we checked it as being the default. Any traffic going to the Net zone, and in fact any traffic that we don't explicitly assign to a pipe, will go to this default pipe. All we have to do now is generate the OS and reboot the VM. We're done!
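
The zone and pipe plan above can be sanity-checked before the OS is generated. The following Python is an added example, not Sieve's own code: it copies the table values, resolves which pipe an address falls into (including the default-pipe fallback), and verifies the caps against the 1.544 Mbps T1. The names `pipe_for`, `check` and `WAN_ZONES`, the rule that 1 mbit equals 1000 kbit, and the assumption that the Corporate and Net zones are the ones reached over the T1 are assumptions of this example.

```python
import ipaddress

T1_KBIT = 1544        # 1.544 Mbps T1 from the scenario
SYSTEM_MAX = "1000 mbit"
WAN_ZONES = {"Corporate", "Net"}   # assumption: these zones are reached over the T1

# Values copied from the Zones and Pipes tables; Net is PREDEFINED, so no subnet.
ZONES = {"Local": ("192.168.5.0/24", "Local"),
         "Corporate": ("192.168.19.0/24", "Remote"),
         "Net": (None, "Remote")}
PIPES = {"Local": dict(down_min="1000 kbit", down_max="1000 mbit",
                       up_min="1000 kbit", up_max="1000 mbit", priority=0, default=False),
         "Remote": dict(down_min="100 kbit", down_max="500 kbit",
                        up_min="100 kbit", up_max="500 kbit", priority=1, default=True)}

def to_kbit(rate):
    """Convert '500 kbit' / '1000 mbit' to an integer number of kbit/s."""
    value, unit = rate.split()
    return int(value) * {"kbit": 1, "mbit": 1000}[unit.lower()]

def pipe_for(addr, zones=ZONES, pipes=PIPES):
    """Return the pipe a peer address lands in; unmatched traffic uses the default pipe."""
    ip = ipaddress.ip_address(addr)
    for subnet, pipe in zones.values():
        if subnet and ip in ipaddress.ip_network(subnet):
            return pipe
    return next(name for name, p in pipes.items() if p["default"])

def check(zones=ZONES, pipes=PIPES):
    """Return a list of problems; an empty list means the plan protects the T1."""
    problems = []
    if sum(p["default"] for p in pipes.values()) != 1:
        problems.append("exactly one pipe must be the default")
    for d in ("down", "up"):
        if sum(to_kbit(p[d + "_min"]) for p in pipes.values()) > to_kbit(SYSTEM_MAX):
            problems.append(f"{d}: guaranteed minimums exceed the system maximum")
        for name, p in pipes.items():
            if to_kbit(p[d + "_min"]) > to_kbit(p[d + "_max"]):
                problems.append(f"{name} {d}: min is above max")
        # Zones that share a pipe share its cap, so count each WAN pipe once.
        wan = {pipe for zone, (_, pipe) in zones.items() if zone in WAN_ZONES}
        wan_max = sum(to_kbit(pipes[name][d + "_max"]) for name in wan)
        if wan_max >= T1_KBIT:
            problems.append(f"{d}: WAN pipes allow {wan_max} kbit, T1 is {T1_KBIT} kbit")
    return problems

if __name__ == "__main__":
    for addr in ("192.168.5.20", "192.168.19.7", "203.0.113.9"):  # constructed addresses
        print(addr, "->", pipe_for(addr))
    print(check() or "plan OK")
```

Because Corporate and Net share the Remote pipe, their combined traffic is held to 500 kbit in each direction, which leaves the rest of the T1 for the other applications.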