This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Shaping not working

I have an inbound DNAT rules WAN -> HTTPS for an on-prem Exchange server.

I'm doing a mailbox migration to Office 365 which involves repeated requests from 365 to port 443, hitting my DNAT rule.

This is currently saturating my WAN link which has an upload capacity of around 1Mbit/second and a download capacity of around 10Mbit/second, giving me ping times >2seconds.

I created a Shaping Rules Rule to limit inbound traffic to 60KBps (600Kbps) and applied the Rules Rule to the Firewall Rule. This didn't make a difference. Upload still saturated the link at 1Mbit/second.

I then changed the parameters of the Rules Rule to 30KBps (300Kbps), and then to 10KBps (100Kbps), but still no difference.

I then set the Shaping defaults to have Total Available WAN Bandwidth of 60Kbps (600Kbps) with a default policy of 10KBps (100Kbps), but the link still stays saturated at 1Mbps.

What am I missing here?

Thanks

James

This thread was automatically locked due to age.

0 jamesharper over 7 years ago

So... the thing I was missing seems to be that when a Rules rule is applied to a DNAT firewall rule, RX and TX are swapped. This has to be a bug right? I wanted a single "bulk traffic" shaping rule to define a pool of bandwidth that all non-realtime traffic could share, but it seems that this isn't possible. I guess I was already defeated by the fact that App rules and Rules rules can't be in the same shared pool though.

I also created a "Default (Rules)" shaping rule and applied it to all my other firewall rules to get around the fact that you can't specify RX/TX separately in the global config.

For now, the problem is solved and I have a solution that works quite well. Latency and RDP responsiveness are great.

James
Cancel
Vote Up 0 Vote Down

Cancel