Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Traffic Shaping


i have a problem with a traffic shapring policy. I would like to limnit the user for internet traffic So i created a rule

for LAN to WAN and placed a places the lightly limited policy as traffic shaping.

The traffic in dection to the LAN will be shaped but the traffic that goes from LAN to WAN is not be shaped. How can

i manage that the shaping is working in both directions or is cause of the statefull firewall the incomming traffic not

checked against thte rule ?




This thread was automatically locked due to age.
Parents Reply Children
  • Hi  

    I request you to contact technical support and open a service request to investigate the issue further.


    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Okay thank you i will opnen a ticket.




  • This may be related to how the XG enforces the limit and where the measurement is taking place.


    |  Not enforced.  XG will download the file at full speed.


    |   Enforced.  XG will deliver the file to the client at restricted speed.



    Just dealing with downloads as a example here.  When you put in a limit, the limit is not enforced at the XG to Website level.  Therefore from the perspective of the website, the download happens fast.  But the delivery to the file to the client is at the limited speed.  The perspective of the client, the download is limited.


    Let me give a more full example.  Lets say you have a WAN speed of 10MB/s, you are limiting the download speed to 1MB/s.

    User clicks on a 20MB file.

    XG downloads the 20MB at 10MB/s, taking 2 seconds.

    XG virus scans the files.

    XG sends the file to the client at 1MB/s, taking 20 seconds.


    If you ask the website, it took 2 seconds to download the file.  If you ask the client, it took 22 seconds to download the file.

  • Hello Michael,

    i think this is not what happening. We not using the firwall as a proxy server and the virus engine

    is not enabled.

    So there is about how traffic is handled. I checked now different Data that i had transfered and

    it looks like its shaped well. So for example client to dropbox or dropbox to client. Same like ftp server

    is working but my speed mesure tool on my cellphone seems to measure the traffic different ot better say

    it generates the traffic differennt not sure if its just udp packet but i will capture them with wirieshark if i

    have some time.


    So basicaly it looks like the traffic shaping is working. I will update my post when i examined the traffic and

    can say exactly what is the different in the testing tool