<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
I'm afraid Cisco firewall is not enough here.<br>
<br>
You need something more advanced. Like integrated service router,
i.e.2901 or 2911, or something similar. With iOS 15.5 and complete
hardware support.<br>
<br>
10.05.16 3:15, J Green пишет:<br>
<span style="white-space: pre;">> Here, re 'upload and download
sizes', I meant the later 'dumb traffic limits'.<br>
><br>
> We do have a Cisco firewall in place, and I have setup
'traffic policing'. However, the results are inconsistent.
Sometimes it seems to work, other times it blocks everything, or
it blocks nothing.<br>
><br>
> Appreciate all the feedback, thank you all for your time.<br>
><br>
> On Mon, May 9, 2016 at 12:27 PM, Yuri Voinov
<<a class="moz-txt-link-abbreviated" href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a> <a class="moz-txt-link-rfc2396E" href="mailto:yvoinov@gmail.com"><mailto:yvoinov@gmail.com></a>> wrote:<br>
><br>
><br>
> For such task enough put Cisco router with TCP traffic
policies .....<br>
><br>
> And please - any protocol, any speed limits, any ACL's, any
SLA .....<br>
><br>
><br>
> 10.05.16 1:15, Alex Rousskov пишет:<br>
> > On 05/09/2016 12:53 PM, Yuri Voinov wrote:<br>
><br>
> >> Just to clarify. For proxying anything (protocol or
service), the proxy<br>
> >> server must be at the same time also act as the
client of a protocol or<br>
> >> service - and as a server.<br>
><br>
><br>
> > It all depends on the definition of "upload and download
sizes" in the<br>
> > OP question. If the intent is to understand and restrict
individual<br>
> > protocol messages, then you are right. If the intent is
just to limit<br>
> > the aggregate number of TCP bytes transferred, then
protocol<br>
> > understanding (in a "transparent" setup) is not
required.<br>
><br>
> > Needless to say, Squid is unlikely to be the best
solution for the<br>
> > latter "dumb traffic limits" problem, but if an
"all-in-one executable"<br>
> > is a critical requirement, one can make modern Squids to
limit tunneled<br>
> > TCP traffic that it does not understand.<br>
><br>
> > Alex.<br>
><br>
><br>
> >> J Green:<br>
> >>>> Would like to limit maximum upload and
download sizes for<br>
> >>>> other TCP protocols: SMB, NFS, FTP,
and RDP.<br>
> > _______________________________________________<br>
> > squid-users mailing list<br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
> > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJXMQGlAAoJENNXIZxhPexGUrUIAJPB/z0efUrIg/MQNdt/rhYh
<br>
xc4S+0y1E0uDooctFOrHxsRaFq8QoegHRpAQ8EOR9jH2sTkKeLWzT7q4RGNzjVK8
<br>
Zmq/lb2W4TG4tdpfEwt07/46koLd47EIlYfmm9sqck+Lez2JgHZ9+y8Il9fbEGqY
<br>
mUL9qwNtK9Wp2VjaNMZ447oOIShZj6nDELo9raVDkknpluFl37M0WFkmShR076Rw
<br>
NvhA9pto1u+Sx9STSkFz7AgkU4vp4Nzetlqg1cjoklmQTN/iAgyQK+2FRYoYgtJO
<br>
rZxjcC1iFkTV+J0xwS9iWBfktRDTi247oLhDCxK9jL6SDhs771sGJmuGJaJ8Mnw=
<br>
=jTlc
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>