How to prioritize RDP traffic for incoming remote SSL clients

Basically we would like to reserve some bandwidth (up & downstream) for our employees who sometimes work from their home office. We have an asymmetrical bandwidth with 250MBit down & 25 MBit upstream. Sometimes we notice that, for example, uploads massively interfere with RDP sessions. In situations like an FTP upload eating up over 23Mbit, our SSL client users complain that the RDP session to their workstation gets laggy or sometimes even gets stuck.

I already had a look at the "Quality of Service (QoS)" section in our SG210/UTM9 firewall but I can't really figure out how to reserve like 5MBit upstream (of our 25MBit) for RDP connections.
Somehow it seems I can throttle things down but not prioritize them or reserve bandwidth at all.

Are there any "cooking recipes" for QoS in UTM9 out there with some typical constellations? The help page is somehow too cryptic in this section.

Thank you in advance for any help.



This thread was automatically locked due to age.
  • It appears that you found the traffic throttle feature but not the traffic shaping feature. UTM provides a hidden wizard, which is the easiest way to do either one:

    1. Choose a time when the RDP traffic is occurring.
    2. On the Dashboard, look in the upper right where UTM shows the current bandwidth in and out for each interface.
    3. Click on one of those objects to view current activity. If your RDP traffic is arriving on a VPN tunnel, you probably want to use the OUT object on the INTERNAL interface.
    4. The pop-up window will be empty at first. Be patient and after a few seconds the tabular data will display.
    5. The table shows every active application and its network usage. To the right of each row is a button for Block, Shape, or Throttle. If you click Shape or Throttle, you will get a pop-up asking for the parameters to apply. Throttle has no guaranteed minimum bandwidth, shaping does.
    6. UTM creates all of the related objects when you save your settings.

    Also recommend reading RFC 3449, which gets into the theory of how asymmetric-speed networks can experience performance problems. I don't know how to tune UTM based on that document, but the Linux stuff underneath probably has a way to do so.
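
Added example, not part of the post above and not Sophos UTM code: a small Python model of the throttle versus shape distinction from step 5, using the 25 Mbit upstream and the 23 Mbit FTP upload from the question. The proportional sharing rule, the flow names and the second bulk upload are assumptions made for illustration.

```python
# Added illustration, not Sophos UTM code. Simplified model (assumption): a
# congested link with no QoS delivers traffic in proportion to offered load.
LINK_UP = 25.0  # Mbit/s upstream, from the question

def allocate(demand, capacity=LINK_UP, caps=None, guarantees=None):
    """Return Mbit/s delivered per flow.

    caps       -- throttle: upper limit per flow, no minimum for anyone
    guarantees -- shape: minimum per flow, served before everything else
    """
    caps, guarantees = caps or {}, guarantees or {}
    if sum(guarantees.values()) > capacity:
        raise ValueError("guarantees exceed link capacity")
    # Throttle step: a capped flow can never offer more than its cap.
    offered = {f: min(d, caps.get(f, d)) for f, d in demand.items()}
    # Shape step: reserved bandwidth is handed out first, but only as much
    # as the flow actually uses, so an idle reservation is not wasted.
    got = {f: min(o, guarantees.get(f, 0.0)) for f, o in offered.items()}
    left = capacity - sum(got.values())
    unmet = {f: offered[f] - got[f] for f in offered}
    total_unmet = sum(unmet.values())
    # Whatever is left is shared in proportion to the remaining offered load.
    scale = 1.0 if total_unmet <= left else left / total_unmet
    return {f: round(got[f] + unmet[f] * scale, 2) for f in offered}

# Constructed sample load in Mbit/s: the 23 Mbit FTP upload from the question,
# plus a hypothetical second bulk upload and a 4 Mbit RDP-over-VPN demand.
DEMAND = {"ftp": 23.0, "backup": 20.0, "rdp_vpn": 4.0}

def scenarios():
    return {
        "no_qos": allocate(DEMAND),
        "throttle_ftp_10": allocate(DEMAND, caps={"ftp": 10.0}),
        "shape_rdp_5": allocate(DEMAND, guarantees={"rdp_vpn": 5.0}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:16} {result}")
```

In this model, throttling FTP alone still leaves the RDP flow short because the other bulk upload takes the freed bandwidth, while the 5 Mbit guarantee covers the RDP demand in full.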

  • Hi,

    I would like to continue this thread since the topic came up again due to high VPN client usage (all employees in home offices now).

    I followed your guide until step 4. Since it's actually the OpenVPN traffic we would like to prioritize (not only VPN), it should possibly be better to use the external interface in "out" direction. The critical part of RDP is rather the upstream on the internet connection, so I chose the "out" on the external interface (in our case it's called "WAN1").

    The table filled up and I could see the OpenVPN traffic there. However the Shape button is greyed out. The mouse-over message says:
    "The SHAPE button has been disabled due to one of the following conditions: Application Control is disabled, application cannot be shaped, the traffic is unclassified or this is the ALL interface."

    I assume that the first reason might be the issue. Where can I enable "Application control"?

  • 'Web Protection >> Application Control', Chris.

    You might be better off with a 100/100 connection in this situation.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA