Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 18564 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Upload bandwidth not being throttled

SoulDragon

Hello,

I have remote access SSL and L2TP VPNs set up and have been trying to throttle users to 1m down/up.  I have been able to successfully get the throttle to work for downstream, but upstream is still unthrottled.  My throttling rules are fairly simple.

Here are the traffic selectors:

 

Here are the Throttling Rules:

 

Here are the results of the speed test when on VPN:

 

Does anyone have any suggestions?  I cannot find anything and have been beating my head on this all week.



This thread was automatically locked due to age.
  • 0

    Your first two pictures are too small, so they are illegible.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    Hi Soul,

    Configure a throttling bound to interface "Internal", you can find this option to the right of the new download throttling button. I think this should help as the traffic will be uploaded and the navigation will be internal to external.

    Any help?

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Here are better pictures:

     

     

    Also, I don't know if Sachingurung's suggestion will work as this deployment is strictly for the VPN, and thus only has one interface that all traffic flows through:

     

  • 0 in reply to SoulDragon

    If your "In and Out" interface doesn't have a public IP on it, L2TP/IPsec Remote Access can't work.

    There's no such thing as an upload throttle" in WebAdmin.  Delete your #2 Download Throttling rule as it can have no effect.

    You will need to create a Bandwidth Pool with an upload limit on the same interface for each individual VPN IP you want to control.  With L2TP/IPsec, you can assign a fixed IP for each user.  With the SSL VPN, the individual IPs assigned are in the sequence 2, 6, 10, 14, 18, ...  The easiest is probably to spend a few weeks with no Bandwidth Pools and then check the logs to see which IPs had been used.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    It does indeed have a public IP or it would indeed not work.  The speedtest screenshot was from a user on the VPN.

     

    I suppose I will go about creating a bandwidth pool for each individual IP to limit the upload, but this implementation seems very unwieldly.

     

    Thanks for your help.

  • 0 in reply to SoulDragon

    I created bandwidth pools for each user and limited them to 1meg using (User Network) -> any -> as the traffic selector and it seems to work.  I did have to do it for 27 separate account though to limit each ones upload to 1meg.  It did indeed work but it took me about an hour to do it to 27 accounts, I can only imagine how long it would take if I had to do this for a decent sized company.

  • 0 in reply to SoulDragon

    Agreed - an unwieldy process!  Perhaps you could make a suggestion or comment and vote on an existing one at Ideas.  Please come back here with a link to that.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML