
QOS recommendations to combat bufferbloat

I have a network at home with 3 VLANs, wired into an Atom-based appliance running Sophos XG Home. The traffic on the network is a mixture of IoT, Windows 10, Server 2022 and such. Netflix, Amazon Prime, etc. for family internet usage.

Connection is a Virgin 100/10 cable connection. Are there general QoS recommendations for applying against rules etc.? Bufferbloat is a problem on the connection, but traffic shaping rules haven't been enabled as of yet.

Speed isn't the issue, it's latency.



This thread was automatically locked due to age.
  • There isn't a lot to configure unless you want to do web category or application based QoS.

    In general you can create either a User/Group or a Network QoS policy. It depends on whether you have authenticated/clientless users or not in your home network.

    For your setup, I recommend you to create three policies, one for IoT, another for the servers and a last one for family/general usage.

    On the basics:

    • Always use the "Shared" option at bandwidth usage type. (For home usage.)
    • Remember to set the priority correctly on each rule.
    • Set the Upload/Download limits separately since you don't have a symmetric connection.
    • Be aware it uses KB/s (kilobytes per second).

    For the priorities you can use (0) for the family internet usage, (1) for the servers and (2) for the IoT stuff.

    This should be enough to help with bufferbloat, here's a test I've made with my laptop over WiFi: (Using the Firewall QoS.)


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • Many thanks, I will simplify my rules. I currently have rules for each IoT device using the MAC address as the source etc. I will then adopt the recommended approach above to test. My Virgin connection is rated at C at the moment for everything. TBH I'll shift back to Vodafone ADSL when my contract is up, I expect.

    On a side note, is your XG 115W running the Home version or is it a licensed unit?

  • It's licensed.

    I recommend you do DHCP static addressing and use the Clientless function; this will make it easier for you to manage the firewall rules.



  • Will look at that. I preferred the MAC-based rules originally so I didn't have to worry about static mappings. I do have a few reservations in the management LAN, but that's so that devices stay on the same address, or if they get reset to DHCP / lose their static IP they'll stay on the same address.

    Also got non-routable networks for iSCSI and NFS etc.

    Ring cameras I'd probably allocate a high priority, but will explore that.

    Can you mix and match traffic policies, define as you've recommended above, but also enable application based too for Netflix, Prime, FaceTime and so on?

  • Can you mix and match traffic policies, define as you've recommended above, but also enable application based too for Netflix, Prime, FaceTime and so on?

    The last time I tried this it indeed worked as expected. Here's some info from the docs:

    Sophos Firewall implements traffic shaping policies in a certain order if they're associated with more than one object in the firewall rule. For example, if you've applied a traffic shaping policy to more than one object in the firewall rule, the following order applies:

    • Application
    • Application category
    • Web category
    • User
    • Group
    • Firewall rule

    (You can find more information about this on the Docs.)



  • Perfect, thank you. Just been reading that page myself (via Sophos Assistant), so glad I'm on the right track.