
Sophos UTM 9 : QoS best practices

Hi,

 

Here is a quick network diagram :

 

 

Our context / goal : 

  • Some users are experiencing slow Internet. 
  • So we would like to optimize our outgoing Internet traffic. 

Questions :

  1. If we do not host any service internally and only have outgoing traffic to the Internet, should we set QoS on internal interfaces ?
    • For example : on internal vlan interfaces (users, servers, network…)
    • Because this will have an impact on internal bandwidth between users and servers.

  2. If we should set QoS internally to optimize our outgoing internet traffic, should we have a total of all QoS for internal interfaces under a total of external interface ?
    • For example :
      • Interface server : 10 Mbps (QoS)
      • Interface user : 20 Mbps (QoS)
      • Interface external (internet) : 30 Mbps (QoS)

  3. If we configure a RED tunnel, should we configure the QoS with the same bandwidth QoS on both sides ?

  4. Could we configure a bandwidth pool without any QoS interface enabled ? Is it useless ?

  5. What are the best practices to configure bandwidth pool or download throttling ?
    • From a specific rule to a global one ?


  • Hi  

    1. I would advise applying QoS on the external interface, given that you will be downloading webpages or content from the Internet. I would suggest going through this external article: https://www.fastvue.co/sophos/blog/limit-youtube-traffic-sophos-utm-qos/ which should help you configure this.

    2. On the external interface, you should only specify the bandwidth you have from ISP for both Upload and Download.

    3. Do you want to apply QoS for the devices behind RED? 

    4. You will need to enable the interface on which you'd apply QoS.

    5. The external article I mentioned earlier should help you with that.

    Regards

    Jaydeep

  • Thank you for your reply Jaydeep.

    -------------

    Scenario 1 : guarantee web surfing

    So from your link, to guarantee a web surfing bandwidth for example for vlan users, I will do the following :

    • Enable the QoS on the WAN interface with the Internet speed
      • We have 30 Mbps symmetric, so to be conservative, I will set 10 % less. 27 Mbps downlink / 27 Mbps uplink

    • I will configure a traffic selector
      • Source : VLAN Users
      • Destination : Internet
      • Protocol : HTTP/HTTPS
    • Then a bandwidth pool on the WAN interface
      • Bandwidth : 6 Mbps
      • Traffic selector : Web surfing

    Scenario 2 : limit bandwidth for Microsoft updates

    I would like to limit the bandwidth used for Microsoft updates from our WSUS server.

    First, I was thinking about download throttling, but this is not the right tool for that, I think.

     

    Questions :

    1. So with scenario 1, internal users (from VLAN users) will have at least 6 Mbps for web surfing. Am I right ?
    2. So with scenario 2, how can I limit the bandwidth used for Microsoft updates ? Should I configure a bandwidth pool with an upper bandwidth limit ?

     

    Thanks a lot for your help !
