Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 4 answers
  • Subscribers 29 subscribers
  • Views 1088 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

category based traffic shaping

Moeed Aziz

Hello,

I am trying to apply Traffic Shaping on a newly created Web Category to allow specific business websites higher bandwidth than defined for the rule itself.

What i am trying to achieve is to allow 8 Mbps bandwidth for user falling in the rule, but for if use is working on fast.com website, the bandwidth allowed should be 20 Mbps.

But it seems to ignore the category based shaping of 20Mbps and rule shaping of 8Mbps seems to supersede, even if change the rule bandwidth shaping to None

Below is what i have done to achieve this:

here is my category based Traffic Shaping policy

and its applied here

Shaping policy for test rule:

Test Web policy

Here is my firewall rule.

Your advise will be highly appreciated.

p.s. I have already gone thru this and it does not help at all.

Limit bandwidth for a web category - Sophos (XG) Firewall

I am sorry if i have violated any community rules, as i am a newbie here.

regards,

Moeed



This thread was automatically locked due to age.
Parents
  • 0

    Hi 

    As per the snapshot you have shared please Tick mark on "Apply Web category-base Traffic shaping" to make it work.

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    The option you mentioned is not checked in the screenshot i shared, but i have checked it with both this option enabled and disabled and its not working either way. Moreover when i check this box, it also requires me to check the Use web proxy instead of DPI engine and i have been testing the rule with all the different combinations but to no avail.

  • 0 in reply to Moeed Aziz

    Hi Moeed Aziz,

    Please enable Scan HTTP and decrypted HTTPS scanning on the same firewall rule if traffic is passing from the same. Tick mark on "Apply Web category-base Traffic shaping" is required.

    If you enable HTTPS make sure SSL CA is installed. Please refer to the below link to install SSL CA : 

    support.sophos.com/.../KB-000035645

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to Moeed Aziz

    Hi Moeed Aziz,

    Please enable Scan HTTP and decrypted HTTPS scanning on the same firewall rule if traffic is passing from the same. Tick mark on "Apply Web category-base Traffic shaping" is required.

    If you enable HTTPS make sure SSL CA is installed. Please refer to the below link to install SSL CA : 

    support.sophos.com/.../KB-000035645

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
  • 0 in reply to Bharat J

    Dear Bharat,

    Thanks. But that is an awful long practice to apply the certificate on 1000 odd computers. So, is there no other way than using decrypted HTTPS scanning, to apply web category based filter. I just want to allow video conferences higher bandwidth than default.

  • 0 in reply to Moeed Aziz

    Hi,

    if you have that many computers on your network, I would expect you to be using management console of some sort that will allow you to deploy the CA to the computers.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Moeed Aziz

    Without decryption, the firewall is likely not able to find the correct category, therefore cannot apply traffic shaping. 

    __________________________________________________________________________________________________________________

  • 0 in reply to Moeed Aziz

    Hi Moeed Aziz 

    If you are managing Windows environment on LAN with AD server you can push the certificate at once with GPO  to the computers to meet the same requirement.

    Hope this might help.

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?