Options

ASA Qos?

Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□
Hey guys,

Just got an email from my boss here. Basically we have a client with about 20 users on a single T1. They use mainly web based applications. What he/and I wanted to know if can you set QoS on certain URL sets?

I want to limit the speeds on Flash/Hulu and give priority to their business sites.

They have a 5505 with security plus installed.
-Daniel

Comments

  • Options
    networker050184networker050184 Mod Posts: 11,962 Mod
    Sounds like what you really need is an acceptable use policy. I'm not too hot on the ASA's but you will probably have much more robust QoS features on the router thats terminating the T1.
    An expert is a man who has made all the mistakes which can be made.
  • Options
    tierstentiersten Member Posts: 4,505
    No. You can't do URL specific filtering at all with just a ASA5505 and it won't do QoS on it either. If you can work out the IP addresses of every site that streams video then maybe... ;)

    20 users off a single T1? Thats going to be a speedy web experience for them then.
  • Options
    Daniel333Daniel333 Member Posts: 2,077 ■■■■■■□□□□
    "acceptable use policy", lolz. Not worth talking about at all. The types of clients we support would fire us on the spot if we talked to them about such things. A failing venture capitalist. Not a good environment.

    Anyhow, what kinds of recommendations would guys have? I am thinking URL QoS on the Windows 7 machines, but they also have Vista and Macs. So that is only so helpful.

    TMG/ISA is out of the question. How about identification of the offenders and de-prioritize their http traffic? Sorry, I have never setup QoS of any form.
    -Daniel
  • Options
    hypnotoadhypnotoad Banned Posts: 915
    The ASA probably wont help you. A Packeteer (or one of their competitors) probably would. Ours sees flash video and throttles it back - it recognizes youtube, myspace, facebook, pandora, skype...all that fun stuff.
  • Options
    it_consultantit_consultant Member Posts: 1,903
    Oddly enough, the new Watchguard XTM firewalls can do what you need. For a single office it would probably be out of the price range, about 2K to start. For that money you ought to just bond another T-1.
  • Options
    deth1kdeth1k Member Posts: 312
    any router with advIPservices and nbar can do this.
  • Options
    hypnotoadhypnotoad Banned Posts: 915
    We use an untangle box for other things (firewall, spam filter). It's open source. BUT i just got an email today that the upcoming version adds these features:

    Please join us for an Untangle Community Webinar to review the newly-released Untangle 8.0. This version introduces a long-awaited new app, Bandwidth Control, which allows administrators to control and monitor bandwidth usage on the network:
    - Prioritize time-critical applications, such as online meetings, webinars or VOIP
    - Prioritize important websites, like salesforce.com or the company website
    - Give different users and/or groups different bandwidth usage rights
    - Track and monitor bandwidth usage and bandwidth abusers
    - Deprioritize unimportant apps and traffic like YouTube, other video or games sites.
    - Limit abusers' bandwidth when using unwanted protocols, like BitTorrent or P2P.
    - Deprioritize certain tasks (like backups and updates) so that they can run at all times without interfering with network operation.
    - Optimize real-time applications like chat, web, Skype, games, etc.
    - Limit hosts to certain hourly/daily/weekly bandwidth quotas
  • Options
    it_consultantit_consultant Member Posts: 1,903
    deth1k wrote: »
    any router with advIPservices and nbar can do this.

    Yeah the point is the ASA he does not have that service. This has only recently been a task that could be done though a firewall, I worked on a 20K palo alto 2 years ago where this was the main selling point.
Sign In or Register to comment.