Sophos Firewall: How to Configure QoS and Understand the Conceptual Difference Between Shared and Individual

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

This Recommended Read explains how to configure QoS to limit user bandwidth.

Topology

Configuration 1: Rule Base

Step1: Traffic Shaping Policy

To limit the bandwidth to 10 Mbps, go to CONFIGURE > System services > Traffic Shaping.



Step2: Firewall rule
Go to PROTECT > Rules and policies > Add.



Step3: Testing of Results

Open a web browser and run a test on any speed test site (e.g. https://www.speedtest.net/).

Configuration 2: User Base

Step1: Creating User Base

Here, we’re using clientless users. Go to CONFIGURE > Authentication > Clientless users.


Step2: Traffic Shaping Policy

Under Traffic > Policy association, click the Users radio button.


Step3: Enabling User's Policy

Under Firewall rules > Other security features, select the policy created.




Step4: Results

Conceptual Difference between the Shared and Individual

Example for Individual concept:

4 users
One firewall rule
1 QoS, 1 Mbps, Individual
Each will get 256

Same for two firewall rules
Two users per rule
1 QoS, 1 Mbps, Individual
Each will get 512

Now four rules for four users
One user for each firewall rule
Each will get 1 Mbps

Example for Shared concept:

4 users
One firewall rule
1 QoS, 1 Mbps, Shared

Same for two firewall rules
Two users per rule, a total of 4 users
1 QoS, 1 Mbps, Shared
Each will get 256

Now four rules for four users
One user for each firewall rule
Each will get 256

Individual - multiplying factor.
Shared - Within that QoS range.

Note - To illustrate the conceptual difference between the two options, we used 1 Mbps as an example.
To convert Mbps to KB/s, see https://www.gbmb.org/mbps-to-kbs
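
The figures above can be reproduced with a small model, added here as an example and not taken from Sophos: Individual gives each firewall rule its own bucket, while Shared gives all rules that use the policy a single bucket. The rule and user names, the 1024-unit limit (chosen so a quarter is 256) and the equal split among active users are assumptions of this example.

```python
from collections import defaultdict

LIMIT = 1024  # the page's "1 Mbps", in the units its 256/512 figures imply

# Constructed scenarios: firewall rule name -> users matched by that rule.
ONE_RULE = {"rule1": ["u1", "u2", "u3", "u4"]}
TWO_RULES = {"rule1": ["u1", "u2"], "rule2": ["u3", "u4"]}
FOUR_RULES = {"rule1": ["u1"], "rule2": ["u2"], "rule3": ["u3"], "rule4": ["u4"]}


def per_user_share(rules, mode, limit=LIMIT, active=None):
    """Return {user: share} when every rule in `rules` uses the same QoS policy.

    mode "individual": each firewall rule gets its own `limit` bucket.
    mode "shared":     all rules draw from a single `limit` bucket.
    Assumptions (not from the page): each user matches exactly one rule, and a
    bucket is split equally among the users currently sending traffic.
    """
    if mode not in ("individual", "shared"):
        raise ValueError(f"unknown mode: {mode!r}")
    everyone = {u for users in rules.values() for u in users}
    active = everyone if active is None else set(active) & everyone

    buckets = defaultdict(set)
    for rule, users in rules.items():
        key = rule if mode == "individual" else "policy-wide"
        buckets[key].update(u for u in users if u in active)

    shares = {}
    for members in buckets.values():  # idle buckets are empty: nothing to divide
        for user in members:
            shares[user] = limit / len(members)
    return shares


def summary():
    """Per-user share for each layout and mode, with all four users active."""
    layouts = {"one rule": ONE_RULE, "two rules": TWO_RULES, "four rules": FOUR_RULES}
    return {
        (name, mode): sorted(set(per_user_share(rules, mode).values()))
        for name, rules in layouts.items()
        for mode in ("individual", "shared")
    }


if __name__ == "__main__":
    for (name, mode), share in summary().items():
        print(f"{name:10} {mode:10} -> {share}")
    # Only u1 is sending: it can use the whole shared bucket.
    print(per_user_share(FOUR_RULES, "shared", active={"u1"}))
```
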

I hope this Recommended Read has helped you achieve your requirements and clarified your doubts.




Revamped RR Added Horizontal Lines Corrected Grammar and Font Size
[edited by: Erick Jan at 12:44 PM (GMT -7) on 25 Sep 2023]
  • Hello!

    Is there any way to disable User-based QoS for a certain Firewall rule? User-based QoS policies are applied to all Firewall rules that have the user, including LAN to LAN traffic.

    As an example: If you create a custom QoS policy for a certain user directly for LAN to WAN traffic, all other Firewall rules that have the same user as authentication will also fall to the same QoS policy.

    Because of this, if you have a 10 Mbit/s QoS policy for WAN, even the internal LAN to LAN traffic that doesn't need any QoS will also be limited to 10 Mbit/s

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall

  • Hey,

    Thank you for such an interesting query. I checked in my labs, be it LAN to LAN or LAN to VPN, etc. If the User-based QoS is applied, the user's bandwidth will still be limited to 10 Mbit/s. So as of now this is a limitation, and we cannot disable User-based QoS for a certain firewall rule. This can be raised as an FR or submitted as feedback from the product itself.

    A workaround would be to create a MAC/IP-based rule that prioritizes bandwidth usage.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hello, I want to get rid of my doubts about QoS; I hope you can give me a guide on that and I would be grateful.

    Shared 2:1; I must create 1 rule per user IP which I will add a QoS that will be shared for 2 clients.
    Specific plan 30Mbps must show the speed test; when 2 users are connected at the same time it can show you 30Mbps or the guaranteed 15Mbps.

    Shared Public Wifi; I must create 1 general rule which I will add a QoS that will be shared for clients.
    Specific 5Mbps plan must show the speed test; which will have a 5Mbps limit

    Single 1:1; I must create 1 rule for each user IP which will add a QoS that will be unique for each user.
    Specific plan 40Mbps must show the speed test; which will have a limit and guaranteed 40Mbps

    How to create a QoS rule for VPN and prioritize connectivity.
    Can you confirm if the QoS is properly configured, the issue of priority can better explain its functionality.

    drive.google.com/.../1s9fxeyzXAZbHApsRT-LRJ2AVahCoN7FH

    I attach images so that it can be downloaded and they can validate my processes; thank you so much.

  • Hey, yup, as you have described your requirement and per the screenshot mentioned, the configuration looks correct!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


  • Hello, so my explanation is correct, based on the rule for two users to share QoS.
    What is the difference and individual when creating a QoS rule, what is the objective of prioritizing a QoS; Can you help me create a specific rule for VPN in order to give you better quality of services.
    I can create quality of service to the user through specific applications; example high priority zoom themes, youtube, mail or game applications.
    Thanks for your help.

  • Hi Sophos
    Can you expand the details of "Conceptual Difference between the Shared and Individual" section?

    I'm sorry but what is currently shown is at best some basic notes- there's not enough information to explain how the system actually works.