restrict UTM proxy http/https bandwidth


we use the UTM Proxy in Standard Mode (incl. HTTPS Scan).
it's a simple setup with 1 internal LAN, 1 DMZ and multiple RED Sites connected.

our WAN Link is at 200 Mbit symetric. When an internal LAN user downloads lets say a ISO file the 200 Mbit Link gets fully saturated.
Our RED connected Sites start to see very degraded Citrix Performance while the download lasts.

I'm in urgent need to restrict HTPP/HTTPS download bandwidth to 100Mbit.
i tried several approaches on the QoS Settings (starting with a simple In/Out Traffic Selector with Bandwith Rule on the WAN Interface) but never managed to make it work!
it's important to note that i need to limit the QoS-Filter ONLY to downloads from the Web, HTTP/HTTPS traffic between the RED Sites and the Main Site has to stay unrestricted.

i already tried the other way around, giving a fixed reserve of bandwidth to Citrix Services instead of limiting web-traffic. But after the initial Connection, Citrix uses dynamic ports so it's impossible to do reasonable QoS.

so what is the magic trick to restrict http/https download bandwidth for the UTM proxy?

thanks in advance

  • Hi Daniel, 

    The first thing to verify is to check if you bound the QoS policy to the correct interface. When you configure a Bandwidth Pool or a Download Throttle policy, you will get an option to bound it to a particular interface. Refer to the help section for the field information and show us a screenshot of the configuration.