
QoS RDP Traffic via IPSec Site2Site

Hello everyone,

Maybe you can confirm whether my solution is correct or total rubbish. You may also have better ideas, or tell me that my requirement cannot be met at all because of the tunnel.

Requirement: We have moved a terminal server and our ERP/merchandise management system to the cloud. There is an IPSec connection between our network (A) and the cloud network (B). Users usually access the TS in the cloud from the internal network via RDP. For all services between A and B, QoS with at least 20000 kbit of guaranteed speed should apply (100 Mbit symmetric available in total).

My configuration:

Network A (Internal): 172.15.2.0/24

Network B (cloud network): 192.168.5.0/24

Services: ANY

Traffic selectors:

1. Traffic OUT : Network A --> ANY --> Network B

2. Traffic IN : Network B --> ANY --> Network A

Bandwidth pools:

Bound to External:

Guaranteed bandwidth 20000 Kbit/s, traffic selector: Traffic OUT

Bound to Internal:

Guaranteed bandwidth 20000 Kbit/s, traffic selector: Traffic IN

Is the configuration correct like this, or have I overlooked something?

Regards!



  • FormerMember
    0 FormerMember

    Thank you for contacting Sophos support. From Google Translate, what I got is that you need to apply QoS over IPsec for the RDP service. For this, make sure that on the Advanced tab under QoS the option Keep classification after encapsulation is enabled. This option could help to achieve what you are looking for.

    The assignment of an encapsulated IP packet to a traffic selector works as follows:

    1. The original IP packet is compared with the existing traffic selectors in the given order. The packet is assigned to the first matching traffic selector (e.g., Internal -> HTTP -> Any).
    2. The IP packet gets encapsulated, and the service changes (e.g., to IPsec).
    3. The encapsulated packet is compared with the existing traffic selectors in the given order. The packet is assigned to the first matching traffic selector (e.g., Internal -> IPsec -> Any).
    4. If no traffic selector matches, the assignment depends on the Keep classification after encapsulation option:

      • If the option is selected, the encapsulated packet will be assigned to the traffic selector found in step 1.
      • If the option is not selected, the encapsulated packet will not be assigned to any traffic selector and therefore cannot be part of a bandwidth pool.
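The four steps above as a small Python model, applied to the two traffic selectors from the original question. This is an added example and not Sophos code; the host and gateway addresses and all function and class names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    service: str          # e.g. "RDP" before, "IPsec" after encapsulation

@dataclass(frozen=True)
class Selector:
    name: str
    src: str              # CIDR or "any"
    service: str          # service name or "ANY"
    dst: str              # CIDR or "any"

    def matches(self, p: Packet) -> bool:
        def in_net(addr: str, net: str) -> bool:
            return net == "any" or ip_address(addr) in ip_network(net)
        return (in_net(p.src, self.src) and in_net(p.dst, self.dst)
                and self.service in ("ANY", p.service))

def first_match(selectors, p: Packet) -> Optional[str]:
    # Steps 1 and 3: selectors are compared in order, the first match wins.
    return next((s.name for s in selectors if s.matches(p)), None)

def classify(selectors, inner: Packet, outer: Packet, keep: bool) -> Optional[str]:
    pre = first_match(selectors, inner)    # step 1: original packet
    post = first_match(selectors, outer)   # step 3: packet after encapsulation (step 2)
    if post is not None:
        return post
    return pre if keep else None           # step 4: fallback depends on the option

# Selectors from the question; the packets below are constructed samples.
SELECTORS = [
    Selector("Traffic OUT", "172.15.2.0/24", "ANY", "192.168.5.0/24"),
    Selector("Traffic IN", "192.168.5.0/24", "ANY", "172.15.2.0/24"),
]
INNER = Packet("172.15.2.10", "192.168.5.20", "RDP")
OUTER = Packet("198.51.100.1", "203.0.113.1", "IPsec")  # gateway-to-gateway

if __name__ == "__main__":
    for keep in (True, False):
        print(f"keep={keep}: {classify(SELECTORS, INNER, OUTER, keep)}")
```

With the option off, the encapsulated packet travels between the gateway addresses, matches neither selector, and therefore lands in no bandwidth pool.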
  • Hi Kishan, thank you for the fast answer. Now I've selected classification after encapsulation. But are my bandwidth pools also configured correctly? I'm not sure the bandwidth pools are bound to the right interfaces. Are they?

  • FormerMember
    +1 FormerMember in reply to danny_mv

    Traffic selectors work based on the service we specified, so you can set source and destination based on your requirement. So this configuration should be able to achieve your goal. Further, you can refer to this document on page 169: https://docs.sophos.com/nsg/sophos-utm/utm/9.6/pdf/en-us/administration-guide-9.600.pdf. This will give more information about how to use QoS configuration.