Traffic Shaping

Hello,

I have a problem with a traffic shaping policy. I would like to limit the users' internet traffic, so I created a rule for LAN to WAN and placed the lightly limited policy on it as traffic shaping.

The traffic in the direction of the LAN is shaped, but the traffic that goes from LAN to WAN is not shaped. How can I get the shaping to work in both directions, or is the incoming traffic not checked against the rule because of the stateful firewall?

 

BR

Marco



This thread was automatically locked due to age.
  • Hello Keyur,

     

    Yes, it should be a rule-based policy and not user-based. We do not have user authentication on the firewall for the kind of traffic I want to shape.

    I just created a rule for the users from the Wifi network to shape the traffic to the internet; my idea is that they do not use all the bandwidth for YouTube etc.

     

    I am sure that the correct rule is used; I checked it in the log file, and it points to the rule that I use for internet traffic. I put all the pictures in a PDF; I hope that's okay. The share is from my German email provider; that should not be a problem.

    https://c.gmx.net/@330243110770573523/77bUpx_lSmugX-viLVeIOQ

     

    My IP is 172.16.0.218 in the Wifi zone and I go to the WAN zone. In the log the traffic points to rule no. 9.

     

    My test again showed a download speed of 20 Mbit and an upload speed of 50 Mbit.

     

    BR

    Marco

  • Hi  

    The configuration seems to be correct. Can you please verify the last step: when you check the packet capture in the GUI, please enable the packet capture >> click on >> Show Additional Properties and select Application ID, and verify whether the same policy is applied or not. If you hover the mouse over it, it will give more details.

    If the traffic shaping policy is applied, the case requires further investigation, and I would recommend contacting technical support and opening a service request.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Hello Keyur

     

    Here is the output.

     

     

    BR

    Marco

  • Hi  

    I request you to contact technical support and open a service request to investigate the issue further.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Okay, thank you, I will open a ticket.

     

    BR

    Marco

  • This may be related to how the XG enforces the limit and where the measurement is taking place.

     

    Website
    ^
    |  Not enforced.  XG will download the file at full speed.
    v

    XG

    ^
    |   Enforced.  XG will deliver the file to the client at restricted speed.
    v

    Client

     

    Just dealing with downloads as an example here. When you put in a limit, the limit is not enforced at the XG to Website level. Therefore, from the perspective of the website, the download happens fast. But the delivery of the file to the client is at the limited speed. From the perspective of the client, the download is limited.

     

    Let me give a fuller example. Let's say you have a WAN speed of 10MB/s, and you are limiting the download speed to 1MB/s.

    User clicks on a 20MB file.

    XG downloads the 20MB at 10MB/s, taking 2 seconds.

    XG virus scans the files.

    XG sends the file to the client at 1MB/s, taking 20 seconds.

     

    If you ask the website, it took 2 seconds to download the file.  If you ask the client, it took 22 seconds to download the file.

  • Hello Michael,

    I think this is not what is happening. We are not using the firewall as a proxy server, and the virus engine is not enabled.

    So it is about how the traffic is handled. I have now checked different data that I transferred, and it looks like it is shaped well, for example client to Dropbox or Dropbox to client. The same goes for the FTP server, which is working, but the speed measurement tool on my cellphone seems to measure the traffic differently, or better said, it generates the traffic differently. I am not sure if it is just UDP packets, but I will capture them with Wireshark if I have some time.

     

    So basically it looks like the traffic shaping is working. I will update my post when I have examined the traffic and can say exactly what the difference in the testing tool is.

     

    BR

    Marco