How to prioritize SSL VPN tunnel in general among other WAN traffic?

Hi, am using Sophos UTM 9.4 in a home environment.  Works well.  Have QoS enabled on my WAN interface.  Effectively using it to prioritize various traffic.  Simply have 2 interfaces defined:

1.) WAN

2.) LAN

However am unclear on how to prioritize the SSL VPN tunnel itself among other traffic selectors and bandwidth pools on my WAN.  Currently have my TRAFFIC SELECTOR set up as:

Source: VPN Pool (SSL)

Service: Any

Destination: Any

Wasn't sure whether Source should be LAN instead and Destination should be VPN Pool (SSL)?  Once I get this part figured out, I'll likely want to prioritize traffic within the VPN Pool itself.  Taking one step at a time.  Thanks.



This thread was automatically locked due to age.
  • Hi,

    to prioritize the traffic of the SSL VPN tunnel itself you can choose

    Source: your WAN interface

    Protocol: SSL

    Destination: Internet IPv4, or if all VPN clients are behind the same public IP address or in the same IP range, you can also choose this.

    Bound to interface: WAN

     

    The traffic in the tunnel can be prioritized like all other traffic. Choose the matching systems and/or protocol, and create a bandwidth pool for the WAN interface.

    Or work with "Application Control" under "Web Protection". Choose the WAN interface, identify the traffic and click shape.

     

    Jas Man

  • Jas Man said:

    Hi,

    to prioritize the traffic of the SSL VPN tunnel itself you can choose

    Source: your WAN interface

    Protocol: SSL

    Destination: Internet IPv4, or if all VPN clients are behind the same public IP address or in the same IP range, you can also choose this.

    Bound to interface: WAN

     

     

    Thanks very much for your input.  For protocol, do I want to choose TCP 443 (SSL)?  If so, will this simply prioritize any and all SSL traffic that leaves my network over the WAN?  Regardless of whether it's CrashPlan, HTTPS web browsing, etc?

  • Yup! TCP 443 (SSL) will prioritize any SSL traffic. That's why I mentioned to add an IP or IP range as destination to the traffic selector, to filter the traffic more accurately.

    I have no idea how to filter the VPN SSL traffic from the other SSL traffic, if you are not able to add a destination IP / IP range.
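
The point made in the replies above, modeled as an added example (not part of the original thread and not Sophos code): a selector on TCP 443 with destination "Internet IPv4" also matches backup and browsing traffic, while one narrowed to the VPN clients' range does not. The `Flow` and `Selector` classes, the selector names, the reduction of a flow to protocol, port and remote address, and the addresses (documentation ranges) are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    label: str
    proto: str
    port: int      # well-known port in use on the flow (modeling assumption)
    remote: str    # address of the peer on the Internet side

@dataclass(frozen=True)
class Selector:
    name: str
    proto: str
    port: int
    destination: str   # CIDR; "0.0.0.0/0" stands in for "Internet IPv4"

    def matches(self, flow):
        net = ipaddress.ip_network(self.destination)
        return (flow.proto == self.proto and flow.port == self.port
                and ipaddress.ip_address(flow.remote) in net)

# Constructed sample flows crossing the WAN interface.
FLOWS = [
    Flow("ssl-vpn client", "tcp", 443, "203.0.113.25"),
    Flow("backup upload", "tcp", 443, "198.51.100.10"),
    Flow("https browsing", "tcp", 443, "192.0.2.80"),
    Flow("dns lookup", "udp", 53, "192.0.2.53"),
]

# Hypothetical selectors: destination Any versus the VPN clients' range.
BROAD = Selector("tcp443-any", "tcp", 443, "0.0.0.0/0")
NARROW = Selector("tcp443-vpn-clients", "tcp", 443, "203.0.113.0/24")

def matched(selector, flows=FLOWS):
    """Labels of every flow the selector would place in its bandwidth pool."""
    return [f.label for f in flows if selector.matches(f)]

def unintended(selector, wanted="ssl-vpn client", flows=FLOWS):
    """Flows the selector catches besides the one it was written for."""
    return [label for label in matched(selector, flows) if label != wanted]

if __name__ == "__main__":
    for sel in (BROAD, NARROW):
        print(sel.name, "matches", matched(sel), "unintended", unintended(sel))
```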
