
Traffic Shaping for VoIP usage in SFOS 19

Hi,

Regarding this thread, are there new features in version 19?



  • You can do this in V19.0 and even better in the current EAP version of V19.5.

    You need to specify your SD-WAN rule for VOIP and then tell the firewall which gateway it should use.

  • Hi,

    The solution you provided just routes VoIP traffic to a secondary WAN, but does not apply traffic control.

    If I have 2 WANs (both different in terms of bandwidth, not symmetrical, and both in use in an active-active scenario), how can I guarantee SIP traffic?

  • You can do traffic shaping by using the general QoS Terms of the firewall and use SD-WAN for choosing the WAN connection. 

  • There is one thing that I don't understand about the Sophos Traffic Shaping settings. How can the Sophos XG determine how much bandwidth (download and upload) there is on multiple WANs, when you can only define a single value, the total WAN bandwidth?

    In a scenario where you have multiple WANs, very different in terms of bandwidth, jitter and latency, how can Sophos determine, for example, that on WAN A there is 90Mbps in down and 18Mbps in up and on WAN B 25Mbps in down and 3 in up? Without this basic knowledge, how can you guarantee SIP traffic?

  • Hello Andrea,

    I agree the user interface is a little bit confusing. Let me try to answer your query.

    If you have 2 WAN interfaces (WAN A 90d/18u and WAN B 25d/3u) then you should consolidate all bandwidth and set total bandwidth as 136Mbps (90+18+25+3). Think of it as one common aggregated WAN pipe.

    After that, based on different types of traffic shaping policies like application/web/user/firewall, you can orchestrate and divide your aggregated bandwidth between desired traffic. Along with it, if you can orchestrate your traffic using SD-WAN or static routing to a particular WAN interface, you can decide the usage of your WAN ISP link. That's how you can guarantee SIP (or any other) traffic.

    If, as admin, one makes a misconfiguration in a traffic shaping policy, it's possible you won't be able to achieve the desired results (limiting some traffic or guaranteeing some traffic).

    Hope it clarifies.

    Regards,

    Sanket Shah

    Director, Software Development, Sophos Firewall

  • Thanks for the reply.

    Correct me if I'm wrong, with this traffic shaping logic it's not possible to shape traffic with two distinct policies over 2 WANs.

    Sophos XG/XGS allows you to select the traffic shaping policy in the firewall rules, but a firewall rule does not permit matching the outbound interface.

    In the scenario that I described above, I set the total bandwidth to 136Mbps (converted to KB/s). Now I'd like to set 2 QoS rules for each WAN. The first for VoIP traffic, and the second for all the rest. This should result in 4 firewall rules:

    1) SIP traffic over WAN1 -> apply QoS policy for SIP on WAN1

    2) generic traffic over WAN1 -> apply QoS policy for generic on WAN1

    1) SIP traffic over WAN2 -> apply QoS policy for SIP on WAN2

    2) generic traffic over WAN2 -> apply QoS policy for generic on WAN2

  • I had the same objection: in the settings it only accepts a single number, but that's misleading. The answer I found -- based on a post by @Prism -- was to set that number to the maximum and then use the up/down settings on each Traffic Shaping policy/rule. The single number is an attempt to support a default (i.e. subtract everything else from the limit) but I think it doesn't work as Sophos thinks it might.

    In your case, it sounds like 4 firewall-rule-based Traffic Shaping policies (or are they rules?) that are applied to the appropriate firewall rules.
