QOS not working

Question

Hi Group, attempting to limit outbound CIFS traffic from servers sitting behind the sophos to computers on the Internet. 
 Here is how it is setup. 
 A traffic selector was created as follows- Internal Network --> CIFS --> Any 
 Then a bandwidth pool bound to the External Interface was created as follows- Specify upper bandwidth 1000 kbits, traffic selector from above chosen. 
 I'm trying a file copy from the server behind the sophos to my home pc, bandwidth is not being limited. This should work. I'm coming in over VPN and I have 'keep classification after encapsulation' enabled in advance. 
 Any ideas here?

DouglasFoster · Answer

Try reversing the rule. The VPN client device is initiating the connection to the server's SMB port, so I think it needs to be on the Source side. 
 For security reasons, CIFS/SMB from internal machines to the internet should be blocked with firewall rules, so spammers cannot trick you into connecting to an SMB share on their servers. 
 I think your revised rules look like: 
 QOS: 
 
 vpnpool -> cifs -> Internal Network 
 
 Firewall 
 
 Internal Network -> CIFS -> vpnpool ALLOW (optional, if a VPN client might act as a file server) 
 Internal Network -> CIFS -> Any DENY