Dear All,
we want to limit the bandwidth available for media streaming, so that it does not interfere with the business anymore.
However this turns out to be harder than it should be:
Goal:
- Limit media services to 256 kbit per user
- Allow exceptions for those who need media pages for their business (Marketing, Construction, etc.)
Approaches:
1.) First we tried to use the Application-Level Filtering to ban "YouTube". (It affected nothing, neither web-based YouTube access nor smartphone apps.)
2.) The only thing that seems to work is "ip-based-Limit", so we created the proper networks for the YouTube.com DNS group and the known CDN server networks.
We set up a traffic rule like "Youtube CDN X -> Any Service -> Any Destination" and added all those groups to another group "Youtube". Then we applied a limit of 256 kbit, which worked (for ALL users, because the destination is ANY (including the WAN interface)).
Sophos now ofc. sees the rule as "matched", cause "any" means any.
But how to exclude clients, IP ranges - whatever?
We defined a network (i.e. 50-200), set up the traffic selector like "Youtube CDN X -> Any Service -> Throttled Network Clients" and applied the throttling. No impact.
If I understand Sophos "right", this obviously does NOT match anything, because there are two things Sophos will see per request:
"Youtube CDN X -> ActualService -> External WAN"
"Internal Port -> ActualService -> Client XY"
Obviously, we could neither exclude "Youtube CDN -> * -> *" (this works, but lacks exceptions)
nor does "* -> * -> Client" make sense (nothing would work then).
So, to make this work we would need a kind of chained rule:
"Youtube CDN X -> Any Service -> [Sophos] -> Any Service -> Client XY"
Is this possible - or are there any other ways to achieve exceptions from the download throttling?
best,
dog
Firmware: 9.353-4