traffic shaping in Sophos XG18

Hi, Thanks for reaching out to Sophos Community.

ISPs usually provide speeds in Mbps (Megabit per second) as you've mentioned.

XG measures bandwidth by KiloByte per second (KB/second). As 1 byte == 8 bit, Following this method backward, You get 0.25 byte for 1 bit.

In the same way, 1 Megabit (Mbps) == 125 KiloByte (KBps). This way if you want to set restrictions for about 10 Mbps for a user, keep the QoS to 1250 KBps (125x10).

In short, You can always multiply the Mbps you want to allow/restrict to users with 125 and that'll give you speeds in KBps.

For the second question, Keeping "Individual" will be allowing the configured bandwidth to each user, and "Shared" will share the defined bandwidth amongst users.

But If you're using the WiFi router in gateway mode (Router serves the DHCP and NATs req going forward to XG), XG will be seeing all the traffic coming from that router as a single IP/User and QoS wouldn't work as expected. 

Hope this helps :) 

Dear Devesh, thanks for your reply. 

Question 1 is cleared. The data transfer that i see in System graph is Kilobits though we configure KiloBytes in QoS.

Question 2 : what should be the best practice if we wish to give 100 Mbps QoS to one wifi router so that 50 connected users get 2 Mbps randomly.  

If the WiFi router is configured in bridged mode, then XG can see all the end machines by their IP addresses.

If this is the scenario, You can then configure a 2 Mbps QoS (250 KBps) and keep it as "Individual" Usage type and also set Rule Type as "Limit" instead of Guarantee. 

Setting Rule type to "Guarantee" will guarantee the defined speed to the users from the available bandwidth pool.

but ours is a network more than 254 IPs. we don't have that no. of free IPs. it will be difficult to configure the routers in bridged mode. 

also we have 4 such routers on our premises. nearly 30 people connect to each router. I tried by creating alias network in LAN and create dhcp range and give QoS policy to that DHCP range. but by that way even fulfilled my requirement,  wired users started getting IPs from that range. 

Our goal is to give some dedicated bandwidth to wifi users. Please suggest

Well in this case you might need to segregate the network using a switch and VLANs and then apply QoS to each network segment through the firewall rule. 

If you continue with the current setup with routers in gateway mode, QoS won't be applied adequately as XG only sees Router's NATed IP for all the traffic coming from clients behind those routers.

You can still create a bandwidth pool for the selective network by limiting with "Individual" Usage type. This way XG will allow the defined bandwidth to the router's IP and then it can be used by all the clients behind it.

Well in this case you might need to segregate the network using a switch and VLANs and then apply QoS to each network segment through the firewall rule. 

If you continue with the current setup with routers in gateway mode, QoS won't be applied adequately as XG only sees Router's NATed IP for all the traffic coming from clients behind those routers.

You can still create a bandwidth pool for the selective network by limiting with "Individual" Usage type. This way XG will allow the defined bandwidth to the router's IP and then it can be used by all the clients behind it.

My subnet is 192.168.40.0

My router ip is 192.168.40.21

192.168.40.22

192.168.40.23

Pls guide how to create traffic shaping policy that each connected user get 2 mbps approx bandwidth. Nearly 25 users will connect to each router.

As you said  "You can still create a bandwidth pool for the selective network by limiting with "Individual" Usage type."

As 25 users connect to each router, Create a QoS policy for 50 Mbps. Create separate firewall rules for each Router's IP and apply the same QoS Policy in each rule. 

This way you're giving the same QoS Policy to each router but we're not sure if this could result in each client having 2 Mbps strict bandwidth.

This would be a workaround and can't guarantee adequate results as discussed before.

Either way, You can create QoS on each router if they have the functionality available. 

With your network configuration, It's quite impractical to achieve this requirement. For this, you can segregate the network into VLANs through a switch and define VLANs on XG as well and have the DHCP serve to each client on VLANs.

i have done as suggested by you. 

as you can see in graph current figure is 10005.04 KBits/s
it means we are using only 10Mbps out of our 100Mbps line? (10005 Kbits/1024 = 9.77 Mbps)
is that true?

Correct, the bandwidth measurement is in KiloBit per second, and converting 10005 Kbits to Mbits would yield ~10 Mbps.

This graph shows the current utilization of the interface 10Mbps is being utilized.

You can also use the command in the console > system diag utilities bandwidth-monitor (Option 4 after taking SSH).