Has anyone had problems applying traffic shaping to limit bandwidth?

Hi all,

After installing a Sophos XG at a customer's site, users occasionally report an internet line lock. Monitoring showed excessive bandwidth use by some PCs saturating the line (the traffic type was Microsoft Windows Update, it seems).

We tried to put some limitations in place with a traffic shaping policy. We created a clientless host for each PC and applied a traffic policy to limit the bandwidth for each host.

But it seems that the bandwidth continues to be saturated at random by some hosts, and it seems that the traffic shaping policy is not applied.

Has anyone already had this type of problem?

Thanks,



  • TL;DR On the firewall admin page, go to Protect>Web>Exceptions and set Microsoft Windows Update to ON

    For more background, see https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/83932/where-is-the-traffic-going/313940#313940 and the link to the earlier forum post within that thread. Not sure why this is not spelled out more clearly as it impacts everyone with Windows 10 machines on their networks.

  • Greg,

    From what I understand, what you suggest will stop the XG from scanning the WindowsUpdate traffic, that being what is creating a lot of repetitive downloads (because the XG doesn't like what it scans, it doesn't deliver it to the computer on the LAN and the computer restarts the download).

    However, this doesn't fix the initial issue, that is traffic shaping the WindowsUpdate traffic.

    I don't want to put a "2 Mbps per user/computer" policy, I want WindowsUpdate traffic only to be shaped/capped (or have it forbidden during the day, allowed at night/weekends).
    I did quite a lot of tests, tried everything I could find on the forum but some traffic is still going through (the one not served by Microsoft servers but by Akamai).

    The current (last August) "official" answer from Sophos seems to be "use the new GPO from anniversary update", I want/need to deal with it on the XG (because all computers are not in a domain).
    https://community.sophos.com/products/xg-firewall/f/network-and-routing/77683/windows-10-updates-killing-the-network

    Any other ideas to deal with Windows Update traffic shaping/capping?

  • David,

    DavidPeterson's last reply in the thread I referenced points to the problem:

    "I should add that early on in this I did find what was far and away the largest traffic flow of 6+GB, which matched what the carrier saw from Microsoft, was identified by Sophos not as BITS, HTTP transfers or downloads, Windows\Microsoft updates, but as "application/octet-stream."  That may explain why standard attempts to control this don't work, if controls aren't matching what Sophos thinks it sees."

    So, if you have traffic shaped the WindowsUpdate and BITS traffic and are still having issues, it is likely that Sophos is identifying some of the update traffic as application/octet-stream and there is no way that I know of with the current firewall software to traffic shape this traffic.

    Greg