Excuse me if I post in English - please respond in German!
Christian, in fact, Profiles are selected by subnet; it is only inside a Filter Assignment that User groups are considered. So, the question is whether the traffic leaving the proxy is masqueraded before it's seen by QoS rules.
Based on the way you have to route HTTP traffic out a second WAN connection when not using multipathing, I think the answer is that Gregor cannot do what he wants. I think that all outbound traffic leaving the proxy has the IP of "External (Address)" as its 'Source'.
MfG - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
Excuse me if I post in English - please respond in German!
Christian, in fact, Profiles are selected by subnet; it is only inside a Filter Assignment that User groups are considered. So, the question is whether the traffic leaving the proxy is masqueraded before it's seen by QoS rules.
Based on the way you have to route HTTP traffic out a second WAN connection when not using multipathing, I think the answer is that Gregor cannot do what he wants. I think that all outbound traffic leaving the proxy has the IP of "External (Address)" as its 'Source'.
MfG - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005
ich will den Usern nicht das surfen vermiesen, eigentlich will ich das Gegenteil erreichen.
Wir haben ein Netzwerksegment , welches für Installtion/Updates von PCs benutzt wird. Der HTTP Traffic läuft dabei über Proxy wegen Virenprüfung.
Wenn jetzt ein PC Updates zieht , dann kann er die ganze Bandbreite blockieren.
