Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 40 subscribers
  • Views 2324 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

QOS Sanity Check : Policy Rules->Individual BW Usage Type->Individual Limit Separately-> Enable

djdrastic

Hi just doing a sanity check for some QOS configuration.

I have a site that needs an unauthenticated /24 subnet to connect to certain fqdns and need to throttle individual clients in the subnet to a max of around 10 Mbits (1250 KBits)

Setting a QOS rule attached to a firewall rule does not seem to result in bandwidth being allotted per client as I can see from the client connection and performance it seems like the qos ceiling gets when a couple of clients upload data hitting this rule and latency shoots to over +200 ms for these destinations causing connections to time out to other clients.

Firewall is running 19.5



This thread was automatically locked due to age.
Parents
  • +1

    Hello  ,

    Thank you for reaching out to the community, well let me explain you the conceptual difference between the two:

    Example for Individual concept:

    #4 users
    1 firewall rule
    1QOS 1mbps individual
    each wil get 256

    #Same for 2 firewall rules
    2 users each rule
    1QOS 1mbps individual
    Each will get 512

    #Now 4 rules for 4 users
    1 user each firewall rule.
    each will get 1MBPS

    Example for Shared concept:

    #4 users
    1 firewall rule
    1QOS 1mbps Shared

    #Same for 2 firewall rules
    2 users each rule total of 4 users
    1QOS 1mbps shared
    Each will get 256

    #Now 4 rules for 4 users
    1 user each firewall rule.
    each will get 256

    Individual - multiplying factor
    Shared - Within that QOS range
    ex : 1mbps

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Reply
  • +1

    Hello  ,

    Thank you for reaching out to the community, well let me explain you the conceptual difference between the two:

    Example for Individual concept:

    #4 users
    1 firewall rule
    1QOS 1mbps individual
    each wil get 256

    #Same for 2 firewall rules
    2 users each rule
    1QOS 1mbps individual
    Each will get 512

    #Now 4 rules for 4 users
    1 user each firewall rule.
    each will get 1MBPS

    Example for Shared concept:

    #4 users
    1 firewall rule
    1QOS 1mbps Shared

    #Same for 2 firewall rules
    2 users each rule total of 4 users
    1QOS 1mbps shared
    Each will get 256

    #Now 4 rules for 4 users
    1 user each firewall rule.
    each will get 256

    Individual - multiplying factor
    Shared - Within that QOS range
    ex : 1mbps

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Children
  • 0 in reply to Vivek Jagad

    Thanks that clears it up.I'll have to take a max or aggregate of the servers that are there then and get a reasonable value to allocate to them.

    The KB isn't exactly clear how this works exactly. Might be a good idea to attach a PDF how shaping works as you've just explained given 2 different scenarios.

Unfiltered HTML