Just started looking at this and wondering if anyone's already got it figured out. We're a single domain with 8 subnets over 4 branches. Internally we're fine with Gb connections between branches but are bottle necking at the esternal interface. We'd like to divide our external bandwidth (10Mb) into one 6Mb and one 4Mb and then define which subnets go to which throttled down internet connection. Any suggestions on the best way to proceed?
For traffic leaving your networks to the Internet, rather than limit the uplink bandwidth available to either group, Astaro 'Quality-of-Service' offers an elegant solution: it allows you to guarantee available bandwidth, thus not limiting bandwidth unless it's necessary. These QoS rules go on the External interface, and the total bandwidth guaranteed should be less than 95% of the total available.
However, if it's downloads (traffic coming from the outside), you're stuck with limiting the bandwidth. These QoS rules go on the Internal interface.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005