Bandwidth Control - Cipafilter Documentation

Manual - Bandwidth Control

Bandwidth Control prevents heavy bandwidth users from consuming bandwidth capacity to the detriment of other activities on your network.  Three modes are available: Disabled , Automatic , and Advanced DPI .


The Disabled control method disables bandwidth prioritization entirely, allowing traffic to flow through the filter as-is.  This method is useful for troubleshooting and for networks with a third-party bandwidth-management product installed upstream of the filter.


The Automatic control method prioritizes traffic using a set of built-in rules.  These rules are designed to fit the needs of most networks while requiring minimal configuration and maintenance.

Advanced DPI

The Advanced DPI control method is Cipafilter's flagship bandwidth-control solution.  It allows administrators to customize traffic prioritization according to the unique needs of their network via a series of user-configurable rules.

Rules for this mode are matched from top to bottom (like the Firewall page) and may be applied to both subnets and filter groups.  Additional conditions may be applied to prioritize only specific types of traffic:

  • All — Places all of the affected subnet/group's traffic into the specified Priority band.
  • Subnet — Places only traffic going to/from the specified destination subnet into the specified Priority band.
  • Domain — Places only traffic going to/from the specified HTTP domain into the specified Priority band.
  • Application — Places only traffic matching the specified application type into the specified Priority band.  Many application types are provided, from "generic" protocols like DNS to individual services like Dropbox.
  • TCP Port — Places only traffic going to/from the specified TCP port into the specified Priority band.
  • UDP Port — Places only traffic going to/from the specified UDP port into the specified Priority band.
  • DSCP Value — Places only traffic matching the specified DSCP (DiffServ) value into the specified Priority band.

Note that a particular traffic event may match multiple conditions;  for example, downloading a file from a Google site could match the Domain "", the Application type "Google", the Application type "Generic: Download", the TCP Port "443", and so on.  As previously mentioned, the first rule (from the top) which matches the traffic will apply.

Each rule may place traffic into one of the following Priority bands:

  • Critical — The highest possible priority, intended for essential, latency-sensitive services like VoIP.
  • High — A higher than normal priority, intended for priority traffic like administrative work stations and testing services.
  • Normal — The default priority, intended for most traffic passing through the filter.
  • Low — A lower than normal priority, intended for bulk traffic like streaming video.
  • Idle — The lowest possible priority, intended for background traffic like OS updates.

Throughput Configuration

When Automatic or Advanced DPI is selected, a Throughput Configuration table appears containing each of the filter's externally facing interfaces (when Interface Bridging is enabled, only the primary interface is shown).  The maximum upload and download throughputs (in Mbps) should be supplied for each of these interfaces.  These values can be obtained from your provider.  It is critical that this data is accurate, as the Bandwidth Control system will not function properly otherwise.

    • Related Articles

    • Manual - Application Control

      The Application Control page is used to administer the filter's application firewall.  This feature works similarly to the standard Firewall, except that it can identify specific applications, protocols, and domains via deep packet inspection.  For ...
    • Manual

      This article provides links to the individual sections of the Cipafilter product manual.  A PDF of the Cipafilter product manual is attached to this article. Introduction Interface Conventions Installation Status Management Users Hot Spare ...
    • Manual - Introduction

      Cipafilter is a powerful routing platform capable of delivering an evolving tool set to protect your enterprise. Cipafilter's philosophy is to provide a cuing edge, well rounded, and aggressive network control solution to meet your current and future ...
    • Manual - Live Bandwidth Reports

      Live Bandwidth Reports is an enhanced version of the earlier bandwidth-reporting system which employs a friendlier interface with a number of new options.  In addition to displaying data using several different chart formats, it is also possible to ...
    • Manual - Bandwidth Reports (legacy)

      Clicking on Bandwidth Reports launches the BandwidthD application.  This software tracks the Internet usage of all clients on your network.  Select an interface under Select A Sensor and click Go to request a report.  Custom reports and graphs can be ...