Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 11259 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

QOS - Bandwidth equalization between LAN device.

Franciscus

We're trying to setup the QoS with this scenario:

1- Basic rule to equalize the bandwidth for each device of a given network.

2- Traffic shaping rule to slow down high volume, not realtime traffic (like windows update, zip file download, etc).

 

We can setup XG 16.5 for the point 2 but we doeasn't found anything for point 1.

We can implement something when we have AD integration and control on user but we doesn't found anything to do this simply when we doesn't have AD integration or when device are not autenticated on AD.

What we miss?

For example:

we have a network with android tablet, PC, smartphone and a Linux NAS on the subnet 192.168.0.0/24 all in the same zone.

We want to limit the speed for Windows update and when all devices are trying to use internet we want to equalize bandwidth between them.



This thread was automatically locked due to age.
  • 0

    Create two traffic shaping policies under system services > Traffic shaping

    Now go to applications > Traffic shaping default and edit storage and backup (windows update is under that category) and apply application throttle that you created above

     

    For #1. In your firewall rule under Traffic Shaping Policy, choose the share traffic policy and

    For #2 Make sure Apply Application-based Traffic Shaping Policy is checked

     

    Disclaimer: I haven't tested this so you may have to fine tune a little. Here is a KB article on this but I didn't read it https://community.sophos.com/kb/en-us/123061 

  • 0 in reply to Billybob

    Hi Billybob, thanks for the reply but, as we said, we have already implemented a TS rule based on Application. What we need now is a TS policy based on firewall rule that equalize the bandwidth for each device of a given network, so that there can not be a client that saturates all the bandwidth. At the moment it can be implemented using individual TS policies applied on single users, with a guaranted bandwidth and the possibility to use the whole bandwidth if available, but in this case it has to be active the user authentication. If we not use the user authentication, from what we can see, there is no way to obtain the same result with a TS policy based on firewall rule, unless we create a firewall rule for each client IP in the LAN. Can you help us for this purpose?

  • 0 in reply to Franciscus

    Franciscus,

    did you try to create a QoS where the policy is based on Rules?

    https://community.sophos.com/kb/en-us/123058

    Thanks

  • 0 in reply to lferrara

    Hi lferrara,

    as explaned before, we also tried to create a QoS policy based on Rules, but using the Individual Bandwidth Usage Type option, though we use the Rule Type Guarantee option, the guaranteed bandwidth is shared anyway with all the clients in the network and it is not reserved to each clinet/IP as we think it should be. I hope I've explained the problem well

    Thanks in advance for the help

  • 0 in reply to Franciscus

    As Luk pointed out, you will have to create a "limit" rule and not guarantee rule if you want to limit users individually in firewall rules. You can also try clientless users option and then limit the clientless group to a certain limit if you don't want to edit every single user.

    Guarantee bandwidth is used for voip or similar traffic that you want to prioritize over other traffic. It is not suitable for throttling users.