I have a UTM120 hardware appliance running in a complex for small businesses.
There are around 40 end users which are connected to the UTM through multiple Netgear GS724T switches.
There is a single fiber WAN line active with a max speed of 100 mbit.
For those end users I’ve defined 6 different max bandwidths (5 / 12 / 20 / 30 / 50 / 80 mbit).
Every limit has its own VLAN on the UTM and DHCP provides the end users with a IP address.
Half dec-2013 I’ve been configuring the QoS section and tested all VLAN’s for there limits, which all worked.
Now, assumable since the latest update, it looks like the limit aren’t take into account anymore.
Previous to the update speedtest.net gave me a short peak at the start of 30 mbit when testing a 20 mbit user and after a second or 2 the connect went flat on 20 mbit for both download and upload.
Now the same test with a 20 mbit end user gives me a 10-50 speed on both download and upload with the speedtest.net meter hanging for a couple of seconds every now and then. I’m aware of flash based speedtests aren’t very accurate with QoS active, but it worked fine in the first place.
Ok, what have I been configuring:
INTERFACES & ROUTING
- Interfaces -> [ 1 Default (WAN) ]
- Interfaces -> [ 6 different VLAN’s ]
- QoS -> Status -> Default (WAN) is ON, rest of the interfaces are OFF (see screenshot)
- QoS -> Traffic Selectors -> For each network group I defined 2 traffic selectors (Advanced section left empty)
1. Network_Inbound / Internet IPv4 -> Any -> {network_group}
2. Network_Outbound / {network_group} -> Any -> Internet IPv4
- QoS -> Bandwidth Pools -> Bound to Default (WAN) / 2 rules for prioritizing SIP and RTP (probably not related to this issue)
- QoS -> Download Throttling -> Bound to Default (WAN) / For each network group
1. Network_Inbound / Limit # kbit/s for each destination over traffic selector 1
2. Network_Outbound / Limit # kbit/s for each source over traffic selector 2
DEFINITIONS & USERS
- Network Definitions -> [ 6 different network groups for each ‚subscription’ ]
- Network Definitions -> [ Networks_All group with all 6 groups included ]
(Groups are defined on the network for example 192.168.1.0/24)
NAT
- Masquerading -> [ Networks_All -> Default (WAN) ]
My questions to you are:
- Is it possible that this is broken since the latest update from 24 dec 2013? Are there other users which have similar problems?
- Is this the best way to configure group based bandwidth (up and download) limitations?
- How is QoS working? Is it checking all rule prior to take action or does it read the list and take action on first match? (discarding any rules which have a higher priority number)
Let me know when you need more specific information.
Guest User!
You are not Sophos Staff.
