
Traffic Shaping - Upload vs. Download

For reference: firmware version 18.0.4 MR-4

I'm a bit confused on Traffic Shaping on Sophos XG, as it pertains to upload vs. download limits and Traffic Shaping tied to Firewall Rules. My main question is, does the XG consider download to always be traffic from the WAN, or does it consider it to be traffic that originates from the destination side of the rule?

For clarity, say I had two rules: One for traffic out to the internet ("LAN to WAN"), and one for a port forward from the internet ("P.F. WAN to LAN"). If the XG always considers the "upload" side of the traffic shaping rule to be traffic going out to the internet, then it would shape traffic as follows:

"LAN to WAN": Upload is traffic from LAN going to WAN, download is return traffic from WAN going to LAN.

"P.F. WAN to LAN": Download is traffic from WAN going to LAN, upload is return traffic from LAN going to WAN.

However, if the XG always considers the "upload" side of the traffic shaping rule to be traffic going from the source to the destination, then it would shape traffic as follows:

"LAN to WAN": Upload is traffic from LAN going to WAN, download is return traffic from WAN going to LAN.

"P.F. WAN to LAN": Upload is traffic from WAN going to LAN, download is return traffic from LAN going to WAN.

As you can see, depending on what the XG considers upload vs. download, the "P.F. WAN to LAN" rule would end up getting traffic shaping flipped around. This is mostly important because I'm trying to use a shared pool for all my bandwidth, and my WAN link is not symmetrical. I want to be able to give my VoIP VLAN a guaranteed amount of bandwidth, and I want all my other rules to use a shared bandwidth pool that has a limit imposed. If the XG handles upload vs. download using the first example, then I'm in business. If it uses the second example, then I have to "carve out" portions of my bandwidth for each group of firewall rules that flow in the same direction.

Thanks in advance.



  • After doing some manual testing, it appears that the XG handles Traffic Shaping according to the 2nd example. The XG always considers the "upload" side as traffic flowing from the source to the destination, and the "download" side as traffic flowing from the destination to the source.

    You will have to create different Traffic Shaping rules/pools for your traffic out to the internet, vs. your port forwards.
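
An added example, not part of the original thread and not Sophos code: a small Python model of the behaviour reported in the reply above (upload = source to destination), showing why one pool shared by outbound rules and port forwards cannot cap an asymmetric link. It assumes a shared policy enforces one upload total and one download total across the rules attached to it; the class names, policy names and bandwidth figures are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    upload_kbps: int    # applies to source -> destination traffic
    download_kbps: int  # applies to destination -> source traffic

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    policy: Policy

def wan_side_limits(rule):
    """(to_wan_kbps, from_wan_kbps) the rule's policy allows on the WAN link."""
    p = rule.policy
    if rule.dst_zone == "WAN":   # outbound rule: "upload" leaves through the WAN
        return p.upload_kbps, p.download_kbps
    if rule.src_zone == "WAN":   # port forward: "upload" arrives from the WAN
        return p.download_kbps, p.upload_kbps
    return 0, 0                  # rule does not touch the WAN link

def worst_case_link_load(rules):
    """Worst-case (to_wan, from_wan) kbps; a policy shared by several rules
    facing the same way is counted once, because they share its counters."""
    seen, to_wan, from_wan = set(), 0, 0
    for r in rules:
        key = (r.policy.name, r.src_zone == "WAN", r.dst_zone == "WAN")
        if key in seen:
            continue
        seen.add(key)
        t, f = wan_side_limits(r)
        to_wan, from_wan = to_wan + t, from_wan + f
    return to_wan, from_wan

# Constructed figures: a 20000/2000 kbps asymmetric link.
shared = Policy("shared", upload_kbps=2000, download_kbps=20000)
one_pool = [Rule("LAN to WAN", "LAN", "WAN", shared),
            Rule("P.F. WAN to LAN", "WAN", "LAN", shared)]

outbound = Policy("outbound", upload_kbps=1500, download_kbps=15000)
inbound = Policy("port-forwards", upload_kbps=5000, download_kbps=500)
split = [Rule("LAN to WAN", "LAN", "WAN", outbound),
         Rule("P.F. WAN to LAN", "WAN", "LAN", inbound)]

if __name__ == "__main__":
    print("one shared pool:", worst_case_link_load(one_pool))
    print("split pools:    ", worst_case_link_load(split))
```

With the single shared pool, the port forward's "download" limit of 20000 kbps applies to traffic leaving through the 2000 kbps uplink; the split policies, with the port-forward values entered the other way round, keep both directions within the link.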
