What I know and tested:
-bandwidth pool and throttling in QoS can both do the job
-bandwidth pool uses traffic shaping while throttling is similar to policing
-bandwidth pools do not drop packets but instead re-queue them
-throttling drops excess packets, which results in TCP resending those dropped packets
-I have 2 ISPs connected with 9mb/1mb and 7mb/1mb download/upload speeds.
My question would be:
What would be the best approach to limiting users' bandwidth on the LAN side? For now I have inbound traffic (Internet->LAN) controlled by throttling, and my outbound traffic (LAN->Internet) is controlled by bandwidth pools.
Is there any "improvement" or "degradation" in the user experience if I control/limit inbound traffic (Internet->LAN) for the users in the bandwidth pools, since the bandwidth pool uses traffic shaping that smooths the traffic flow instead of dropping excess packets? Attached are some screenshots.
[Screenshots: network topology; ISP 1 QoS settings; ISP 2 QoS settings]
Since we have 2 ISPs configured with uplink balancing, I have to configure similar throttling rules on both our ISP interfaces on the UTM.
[Screenshot: DL throttling on ISP 1 interface]
[Screenshot: DL throttling on ISP 2 interface]
And now, I tried to replicate the bandwidth limiting function for our internal LAN users through the "bandwidth pool" tab. While doing this, I turned off all bandwidth limiting rules on the "download throttling" tab to make sure that it is the "bandwidth pool" tab that's doing the limiting, and I've only made a single rule on the LAN interface of the UTM.
So far, the download speed limit was working through the "bandwidth pool" rule I've set. Screenshot attached below.
To wrap it all up, what would be the best approach if you're going to limit download speed for your internal users? Is it through the "bandwidth pool" tab that uses traffic shaping, or through the "download throttling" tab that is similar to policing, which drops excess packets?
Any inputs are very much welcome. I know my post is quite confusing, but I just want to know which way would give our users a better experience in terms of web page loading and response while implementing download limits on their speed.
Hi, Jarold, and welcome to the UTM Community!
I would be interested in how you determined the items you listed at the top that you know. I believe that the same mechanism is used - the excess packets are dropped.
The advantage of a Bandwidth pool on the External interface as opposed to a Download Throttling rule on the Internal interface is that you can guarantee bandwidth to some traffic without limiting other traffic when it's not necessary to throttle it.
There are instances where even a Download Throttling rule on the External interface won't guarantee remaining bandwidth because the pipe is filled even though "extra" packets are dropped.
Cheers - Bob
In reply to BAlfson:
Thanks for the response.
I've read about shaping and policing on this link.
"The advantage of a Bandwidth pool on the External interface as opposed to a Download Throttling rule on the Internal interface is that you can guarantee bandwidth to some traffic without limiting other traffic when it's not necessary to throttle it.
There are instances where even a Download Throttling rule on the External interface won't guarantee remaining bandwidth because the pipe is filled even though "extra" packets are dropped."
By these statements, I believe you are suggesting that the main difference between the two is that Bandwidth Pool has the "guaranteed" speed function and you can also cap it to a certain speed, while Throttling simply caps it without providing the "guaranteed" function. Did I get you right?
In reply to jarold143:
That's it, Jarold!
Thanks Bob! u da best
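
The shaping-versus-policing distinction discussed in this thread, as an added example that is not part of the original posts and does not describe Sophos UTM's own implementation: a generic token-bucket policer next to a FIFO shaper, run over a constructed bursty arrival pattern. The rate, burst and queue sizes (in packets per tick) are assumptions chosen for illustration.

```python
from collections import deque

# Constructed sample: two bursts of 10 packets, four ticks apart.
ARRIVALS = [10, 0, 0, 0, 10, 0, 0, 0]

def police(arrivals, rate, burst):
    """Token-bucket policer: packets that find no token are dropped at once."""
    tokens, sent, dropped = burst, 0, 0
    for n in arrivals:                       # n packets arrive in this tick
        tokens = min(burst, tokens + rate)   # refill, capped at bucket depth
        ok = min(n, tokens)                  # packets that conform to the rate
        tokens -= ok
        sent += ok
        dropped += n - ok                    # excess is discarded, never delayed
    return {"sent": sent, "dropped": dropped, "max_delay": 0}

def shape(arrivals, rate, queue_limit):
    """Shaper: excess packets wait in a FIFO; drops happen only on overflow."""
    queue, sent, dropped, max_delay = deque(), 0, 0, 0
    tick = 0
    while tick < len(arrivals) or queue:     # keep draining after arrivals stop
        n = arrivals[tick] if tick < len(arrivals) else 0
        for _ in range(n):
            if len(queue) < queue_limit:
                queue.append(tick)           # store the arrival tick
            else:
                dropped += 1                 # tail drop when the queue is full
        for _ in range(min(rate, len(queue))):
            max_delay = max(max_delay, tick - queue.popleft())
            sent += 1
        tick += 1
    return {"sent": sent, "dropped": dropped, "max_delay": max_delay}

if __name__ == "__main__":
    print("policer        :", police(ARRIVALS, rate=3, burst=3))
    print("shaper, deep q :", shape(ARRIVALS, rate=3, queue_limit=20))
    print("shaper, short q:", shape(ARRIVALS, rate=3, queue_limit=5))
```

With a deep queue the shaper delivers every packet at the cost of added delay; with a shallow queue it also drops, so both mechanisms can end up discarding traffic under sustained overload.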