
Sophos UTM 9 : QoS best practices

Hi,

 

Here is a quick network diagram:

Our context / goal : 

  • Some users are experiencing slow Internet. 
  • So we would like to optimize our outgoing Internet traffic. 

Questions :

  1. If we do not host any service internally and have only outgoing traffic to the Internet, should we set QoS on internal interfaces?
    • For example : on internal vlan interfaces (users, servers, network…)
    • Because this will have an impact on internal bandwidth between users and servers.

  2. If we should set QoS internally to optimize our outgoing internet traffic, should we have a total of all QoS for internal interfaces under a total of external interface ?
    • For example :
      • Interface server : 10 Mbps (QoS)
      • Interface user : 20 Mbps (QoS)
      • Interface external (internet) : 30 Mbps (QoS)

  3. If we configure a RED tunnel, should we configure the QoS with the same bandwidth on both sides?

  4. Could we configure a bandwidth pool without any QoS interface enabled? Is it useless?

  5. What are the best practices to configure bandwidth pool or download throttling ?
    • From a specific rule to a global one ?


  • Salut Denis,

    I have a different approach, but your question is, in fact, many questions at once.  Normally here, the rule is "one topic per thread."

    Set External for 30/30.  Don't select either limit as that should only be used for an ISP connection that has variable cost based on volume.  If you're going to put any Bandwidth Pools on External, don't select 'Upload optimizer'.

    I don't understand why you would limit internal traffic between your WSUS server and the clients, nor why you would want to limit traffic to it unless you wanted to use a Time Event to limit the blocking to during working hours.

    1. No.  A Bandwidth Pool guarantees only outbound bandwidth.  Web surfing won't be affected by your Bandwidth Pool.

    You may want something like 'Internet -> HTTP/S -> Internal (Network) : guarantee 6Mbps' on the Internal interface, but it may be too early to tell.  When you have confirmed a problem, please start a new thread and ask about it.

    A Bandwidth Pool is ineffective if it's on an Interface that's not enabled for QoS.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for your reply Bob

     

    BAlfson said:

     

    Set External for 30/30.  Don't select either limit as that should only be used for an ISP connection that has variable cost based on volume.  If you're going to put any Bandwidth Pools on External, don't select 'Upload optimizer'.

     

    Ok we have an internet speed 30/30 Mbps, so I should set 30/30 directly with no margin

     

    BAlfson said:

    I don't understand why you would limit internal traffic between your WSUS server and the clients, nor why you would want to limit traffic to it unless you wanted to use a Time Event to limit the blocking to during working hours.

     

    I do not want to limit internet traffic between our WSUS and the clients, but I would like to prioritize some outgoing traffic (web surfing, zoom meetings...) and limit the less important outgoing traffic, like our WSUS server downloading Microsoft updates.

     

    BAlfson said:

    1. No.  A Bandwidth Pool guarantees only outbound bandwidth.  Web surfing won't be affected by your Bandwidth Pool.

    You may want something like 'Internet -> HTTP/S -> Internal (Network) : guarantee 6Mbps' on the Internal interface, but it may be too early to tell.  When you have confirmed a problem, please start a new thread and ask about it.

    A Bandwidth Pool is ineffective if it's on an Interface that's not enabled for QoS.

     

    Hum I do not understand, from my perspective, if bandwidth pool is only outbound bandwidth, that's correct. So I can set a bandwidth pool with 6 Mbps from VLAN users to Internet for web surfing, nope ?

     

    I will check that, because that's our biggest question. Depending on how we can prioritize our traffic, we will create different rules and bandwidth pools.

     

    Thank you :)

  • Until you have an observed problem, Denis, I wouldn't configure QoS.

    "So I can set a bandwidth pool with 6 Mbps from VLAN users to Internet for web surfing, nope ?"

    If all users surf using UTM Web Filtering, you cannot make separate QoS rules for different LAN/VLANs.

    Cheers - Bob

     
  • Thank you Bob.

     

    I would like to set up the QoS, because we have some issues with slow Internet.

    So I would like to be sure some traffic has enough traffic (zoom meetings, web surfing...) and that all other traffic will use the remaining bandwidth only.

     

    Thank you,

     

    Denis.

  • What do you mean by slow Internet, Denis?  Is the issue that voices are garbled for Zoom participants in your building or do people outside your building complain that your voices are garbled?  What, specifically, are you experiencing?  When the problem occurs, what traffic appears to be causing it?  Please show a picture of the 'Interfaces' tab in WebAdmin.

    Have you looked through Network Firewall or Proxy Server Settings for Zoom?

    Cheers - Bob

     