
Is this a sensible QoS to prevent any one user from eating all the bandwidth?

Sorry if the following question is a bit too basic... I'm new to QoS in general (not only in UTM).

We have a rather slow symmetrical internet connection at the office: 30/30 Mbit. I've created the following QoS setup on our UTM:

- enabled QoS on the LAN interface with default speed limit (1000) and disabled all the options (limit uplink, downlink, optimization)
- enabled QoS on the WAN interface with limit of 30/30 and enabled all the options
- I've created two traffic selectors: one for all traffic coming from ANY using ANY service to our LAN network, and one for all traffic coming from ANY using Web browsing protocols to our LAN network
- I've created two download throttling rules: first using the web browsing traffic selector with a limit of 20480 kbit/s (shared) and the second using the generic incoming traffic selector with a limit of 25600 kbit/s (shared once again)

From what I saw, HTTP and HTTPS traffic is the bulk of our internet usage. My question: is the above a sensible initial configuration to ensure that no one will "eat up" all the bandwidth?



  • I've already read that article. It's very basic and I feel it describes more how to navigate the UI and what is required to get any QoS rules actually working (the example shows an ANY-ANY-ANY setting). I'd like to know if, given the low speed of our network, the settings I've made make sense.

    Also, one thing that baffles me a bit is... what if you want to have different QoS rules for different interfaces?

  • Mateusz, is your only requirement to "prevent any one user from eating all the bandwidth?"  Please show us Edits of your Traffic Selectors, Bandwidth Pools and Download Throttling rules.

    There may be other issues, but I would not select any box in Interfaces on the 'Status' tab.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I've actually dug a bit deeper and found out what I was doing wrong.

    Basically, I created throttling rules without any bandwidth pool rules. I've since done some testing, research and reading, and I think I have it figured out (at least more or less). I've created bandwidth pool rules for the critical processes (VoIP being one I wanted to guarantee, for example) and set stuff like HTTP lower (and streaming content even below that).

    That said, I am a bit surprised by your suggestion to "not select any box in Interfaces on the 'Status' tab". Can you explain why? The internal LAN interface, indeed, has all these options turned off, but it feels like these options make a lot of sense for the WAN interface (which is limited to 30/30 Mbit).

  • The situation is clearer if you only have explicit rules. When you think you have them where you want them, try the check boxes to see if there's any noticeable effect. In the past, check boxes would override some explicit settings, so I developed a habit of always starting with them empty.

    Cheers - Bob

     