Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 3 subscribers
  • Views 12407 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

QoS - Download Throttling and FTP Over TLS

eclipse79

Hello,

I'm using download throttling feature, it works fine for some serivices/applications, but I got issues for FTP.

I created a Traffic Selector Group, that contains these services: FTP Service (port 21), FTP Data (port 20), FTPS Implicit - channel (port 990), FTPS Implicit - data (port 989).

and these application definitions: FTP, FTP Control, FTP Data, FTPS, FTPS Data, SFTP, TFTPS, TFTP.

Then I created a Download Throtting rule that uses this Traffic Selector Group.

If I connect to a FTP server using Plain FTP (so, non secure connection) I got a limited bandwidth that maches to the setting of Download Throttling rule.

If I connect to a FTP server using Implicit FTP over TLS or Explicit FTP over TLS the bandwidth is not limited at all.

NB: I enabled Tracking Helper for FTP, TFTP.

Any ideas?

Thanks

Eclipse79



This thread was automatically locked due to age.
  • 0

    Instead of using 'Selector type: Traffic selector', use 'Selector type: Application selector'.  In the definition, choose the "File transfer" category and put FPT into the search box.  Did that work any better?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Unfortunately... no... :( In this moment I set 2mbit limit but 1 user is uploading at 3mbit

  • 0 in reply to eclipse79

    May we see pictures of the Edits of the relevant Traffic Selector, Multipath rule and Download Throttling rule?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Sure:

    Thanks!

     

    ps: sorry for my delay!

  • 0 in reply to eclipse79

    Well, I would have thought that that would work.  What happens when you create a rule using the Flow Monitor - does it look for response traffic?  Is the FTP Helper enabled on the 'Advanced' tab of 'Firewall'?

    If you're still not there, maybe you should get Sophos Support involved.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML