Getting lost with Traffic Shaping / QoS

Hi all,

We have a very busy site, with a 1Gb leased line connected to an XGS2100.

I'm reading the Sophos literature on traffic shaping and wanted to check really how to get a simple approach fixed.

Note, half our users are Mac-based, so we don't have users authenticating to the XG. So in my head, user-based rules will fail straight off?

So ideally I'd like to set a minimum bandwidth per user of say 5Mbps, so that at any given point, if users are going really heavy, everyone else still has "at least" 5Mb bandwidth for Teams calls etc, and light browsing / emails

If possible, it would also be good to be able to set a "maximum download bandwidth of 400Mbps per user" in addition to the minimum 5Mbps.

Is this easily possible?

I've had a look at traffic shaping settings and I'm assuming on a 1024Mbps line, with overheads, I set the Total bandwidth to 115000 KBps

Then enable VOIP and Enforce guaranteed bandwidth.

Guarantee I've set to 1250 KBps, which I assume is an all round minimum setting, as in never allow the speed to drop less than 10Mbps

But Limit, I guess I set to 1150000 KBps (920 Mbps) ?

And is that page more for all round, and not user / IP / App specific?

And then on QoS policies, do I add a Rule / Guarantee / Individual rule, for minimum 625 KBps (5Mbps) and add to our generic LAN to WAN rule?

But then how do I set a max 400Mb individual policy?

Thanks in advance



Added TAGs
[edited by: Raphael Alganes at 3:08 PM (GMT -7) on 23 May 2024]
  • If you use DHCP to assign IPs and reserve IPs for the Macs, you can use Clientless Users for them. (It's what I do in my network of all Macs.) Then user-based rules are possible.

    Also, you can use App-based rules to preserve bandwidth for Teams, etc. That's a little confusing -- you need to check the box in the firewall rule to use app-based rules, then set up things in the app defaults.

    Not quite understanding some of your issue in that System Services > Traffic Shaping rules have a min/max so you can set a min of 5 and max of 400. Do all of your work there. Set up a default rule of the appropriate type (maybe rule-based if your LAN-WAN goes through a single firewall rule). I haven't found the "Default Policy" in the Traffic Shaping Settings to actually work as you might expect.
