Can not apply QoS when enable Web Filtering?

Can you please provide us with more details ?

Screenshots of your QoS setup would be handy.

Hi guys, I have the same problem on our UTM 550 cluster.

We configure QOS, in particoular "downlaod throttling" for youtube and it works like a charm, but when apply the webfiltering (full transparent mode) to just a computer to try  (a very simple policy with set a quota for streaming) suddenly to this computer is not anymore apply the QOS (I checked out the statistics from youtube..).

I tried to apply the same "downlaod throttling policy" not just to WAN interface but also to the LAN, because when a computer used the webproxy I could see it traffic on this interface and not on the WAN one but nothing,

I tried everything and every combination, could anyone help me?

I  will also contact my partner in order to open a ticket in Sophos becuase it's really strange and disappointing  behaviuor

Thank you all

Riccardo

Hi Riccardo,

There were many reported problems in the past with Download Throttling. Try to solve your problem with Bandwidth pools on the LAN interface.

community.sophos.com/.../147902
community.sophos.com/.../60821

I have a similar problem, and I'm using bandwidth pools.

I'm trying to throttle uploads to AWS which use port 443. After much fiddling, I have a bandwidth pool set up on the external interface and a traffic selector that selects for all traffic from a particular host. This doesn't apply the QoS until I explicitly put the host in the 'Skip Transparent Mode Source Host/Nets' in the Filtering Options/Misc page. Then the bandwidth pool gets applied.

It seems if you are using Web Filtering, and you want to use Bandwidth Pools, you need to explicitly exclude the traffic or host from Web Filtering. If you don't do this, the QoS doesn't get applied (for web traffic, i.e. ports 80, 443, etc...).

It's not a great solution, since I'd love to us QoS/Bandwidth Pools and Web Filtering for these hosts, but it just doesn't work.

FYI - I'm using UTM 9.355-1.

Hi, Paulo, and welcome to the UTM Community!

Please insert pictures of the 'Status' tab, your Traffic Selector and your Bandwidth Pools.

Cheers - Bob

Looks good.  Some suggestions:

1. Disable the Internal interface on the Status tab.
2. Edit the External interface on the Status tab:
   
   1. Deselect 'Download Equalizer'
   2. Do not select 'Limit uplink'

Now try - any luck?

Cheers - Bob

Nope. Same issue. The QoS Bandwidth Profile only gets applied if I specifically exclude the host in Web Protection / Filtering Options / Misc / Transparent Mode Skiplist / Skip Transparent Mode Source Hosts Nets.

It's possibly due to the fact that AWS uses port 443, but then again, the web filtering is set to Transparent and HTTPS is set to URL filtering only.

Like I said, I have a solution, it just doesn't make sense. I don't see why I need to exclude the host from Web Filtering for it to work, unless QoS and Web Filtering are mutually exclusive when it comes to web traffic on ports 80, 443 etc...

I haven't tried it with other protocols. I may see if I can do an scp from the host to see if the QoS profile gets applied without specifying the exclusion.

Confirmed. If it's not a web port, the QoS bandwidth pool gets applied without having to exclude the host from web filtering. I did an scp of a large file and the bandwidth pool restrictions were applied no problem.

So it seems web filtering seems to get in the way of Bandwidth Pools if the traffic you're trying to apply QoS to is web traffic, in which case, the pool is bypassed unless you specifically exclude the host from the web filtering.