Limit bandwidth to Guest WiFi Network per user / IP

MiroslavCacija said:

I want to limit bandwidth for Guest WiFi network, lets say to 2 Mb up/down, per individual IP. The only way i managed to achieve this is by creating entire guest WiFi subnet IP's as clientless users, and then apply user traffic shaping to the rule. Is this the right and only way to archive this ?

Yes, but whole IP subnet needs to be created as users ???

Do as david suggested above and create a network traffic shaping rule (policy association >rules) and change the bandwidth type to shared. Lets call this rule throttle guests. Now create a firewall rule and make sure that match known users is unchecked and in traffic shaping policy use throttle guests as your policy. This will throttle the whole network without assigning any usernames etc.

Keep in mind though that if you have 100mb for your guest network available one user will be able to use all that bandwidth when downloading torrents etc. Use individual bandwidth type in traffic shaping rule if you want to throttle each user individually. But assigning individual bandwidth will limit each user to assigned bandwidth even if there is more bandwidth available.

Have you actually tried this, or you think that it SHOULD work that way ? I've tried all the variations, and as I've said, only the one with creating users actually works if you want to have 2 Mbit limit per IP.

Have you actually tried this, or you think that it SHOULD work that way ? I've tried all the variations, and as I've said, only the one with creating users actually works if you want to have 2 Mbit limit per IP.

Here are my firewall rules. Even if I hadn't tried it, david's advice above is correct. 

Try to test it than ... use let's say two cellphones simultaneously and start Speedtest on each device at the same time. You should get let's say 2 Mbit/sec on each device, simultaneously.

Best Regards.

You are correct, it considers the rule as shared bandwidth and not individual bandwidth. Definitely a bug when using individual policy bandwidth profile in firewall rules .

I guess my guests never complained when they were getting throttled down to hardly nothing[:D]

Edit: Open a support case with sophos if you are not a home user. They need to fix this as I am sure there are many other users like myself that had that rule working previously just assume that it is working correctly now.

Don't know if this was working before, but it seems it's by design ... so there is a way to get this working, but having one /22 subnet defined as clientless users, is just not that nice way to achieve something that should be achieved more easily ... someone else have similar experience maybe ?

Best Regards. 

MiroslavCacija said:

Have you actually tried this, or you think that it SHOULD work that way ? I've tried all the variations, and as I've said, only the one with creating users actually works if you want to have 2 Mbit limit per IP.

Micoslav Cacija,

Im using standard /24 DHCP with no users assigned.  These instructions will work even if you have users assigned.  ...but who has users assigned in their Guest Wi-Fi network?

Billy Bob did mention several things I failed to point out:

1. In the Traffic Shaping Policy, Choose the buttons: Rules, Limit, and Individual. If you want limit 2mbps total for both up and down combined, choose Disable (default).  If you want to allow separate limits of 2mb up and 2mb down, choose Enable.  Now, Choose a Priority.  Set the limit to 2000.  Assign a name to Traffic Policy, and click Save.  That Traffic Shaping Policy name will now show up as an option in all Firewall Rules.

2. In the Firewall Rule you use, you must make sure that Match Known Users is not selected in the Identity section of the Firewall Rule you are using.  Create another firewall policy on the same Guest Wi-Fi zones if you don't have a Firewall Rule in which you can turn off Match Known Users. You may need to drag-and-drop this rule to prioritize it before or after your other Guest Wi-Fi rules.

3. This works whether you have users assigned or not.  Each device or connection on that Guest Wi-Fi zone will be treated as an individual user and limited to 2Mbps.

Although this particular setup is not covered, this the help section for XG Firewall Traffic Shaping Policies 

Hi guys, I know this is an old post but it is very close to what I am trying to achieve. I am trying to limit guest wifi users to a hard data cap. A lot of the above information is relevant to my scenario, except rather than shape traffic I am trying to impose a data limit, say 500mb per user. Or say limit bandwidth usage to 1kbps up and down upon reaching 500mb. Cany chnace someone could point me in the right direction to achieve this?

Thanks very much in advance