[FW-1] Floodgate-1 Right Configurations

[Abdul Mukhtar [Permanent Link]]

Dear All,

I have recently installed Floodgate-1 on our modules and mgmt server. QoS is defined on the outbound traffic for our modules' external interfaces only. We have got two sites connected over site-to-site VPN tunnel. Under QoS, there are three rules listed:

1) To guarantee 1625 Kpbs from Site 1 to Site 2 for any encrypted traffic and any services (Total Internet Bandwidth Site 1 = 2MB)
2) To guarantee 1280 Kpbs from Site 2 to Site 1 for any encrypted traffic and any services (Total Internet Bandwidth Site 2 = 2MB)
3) Default rule (any to any weight = 10) (I don't know what is this for)

This is my Floodgate-1 setup shown below. I want you kindly to tell me:

- What is the difference in Guarantee Per Rule or Per Connection? 
- Will the Per Connection one give us the best bandwidth management results?
- Also, how can I make sure that Floodgate-1 is doing its bits and guarantee specified bandwidth the VPN traffic between sites?
- Do I need to change the logs for all security policies in the rule base to "Account" instead of "Log" in order to see what's going on?

Please advise kindly.

Abdul