QoS in Sophos UTM never seems to work, at least not for download throttling.

A few years ago we deployed a Sophos SG330, currently with the latest version of Sophos UTM 9, and since day 1 it's never been able to throttle users. We've put in calls to 'premium' support and quite frankly their support is typically laughable unless you get through to a few folks in the Vancouver office, but even then they're just as confused about how to make this work as you are and you wind up confusing each other. As such, nothing accomplished.

We have a site that's at the end of the renewal period and we're probably not going to renew since a) the support people don't know the equipment and b) the equipment doesn't work very well (it can't block Ultrasurf like competitive products, for example, and this issue as well).


With that being said, we have an issue where one person can destroy the experience for everyone as the out of the box capabilities cannot fairly share the internet nor can we get the download throttling to work so I figured I'd come here and see if any of the experts know the equipment better than the support people.

 

Traffic selectors

BYOD Wired Downloading

Internet IPv4 -> Any -> BYOD Wired Network (subnet)

 

BYOD Wired Uploading

BYOD Wired Network (subnet) -> Any -> Internet IPv4

 

Download Throttling Rules

Maximum Bandwidth Down Per User:

Limit: 256 kbit/s for each source/destination pair

Traffic selectors:

BYOD Wired Downloading

 

Maximum Upload Per User

Limit: 128 kbit/s for each source/destination pair

Traffic selectors:

BYOD Wired Uploading

 

This is enabled and doesn't do anything.

There's a possibility I have the direction flipped but regardless, no one is limited to 256 or 128 Kbps, rather they can go full throttle 70 Mbps if they want either up or down. We've had to enable QoS on the wireless APs because Sophos isn't as easily configurable, however this won't work for us with the wired.

We did set up QoS on the HP / Aruba switches but of course one of my network guys says, "Why are you doing this on all of these switches, you have equipment that's sold as having this capability... if it's not working, go to another company." So one last kick at the can.

Any and all help would be appreciated.



  • Hi, William, and welcome to the UTM Community!

    The impression given is that you've not had good help in the initial configuration.  Sophos Support is "break/fix" instead of installation support.  Your reseller should have sold you some of their time or of Sophos consultants.

    You have a PM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • In between my post and your response, and after the wind blew the frustration out of my sails, I decided to take another crack at it and ironically used posts you'd made to potentially resolve the issue. The documentation from Sophos is very poor and there are conflicting threads on the topic in the forums, but I think I have a handle on it.

    I realized that under QoS Status tab, each link's uplink and downlink bandwidth is from the perspective of the UTM rather than the end user, so if your ISP gave you 20/5 connection with 20 Mbps down and 5 Mbps up, you would have the External (WAN) interface with a 5 Mbps Uplink and a 20 Mbps Downlink.

    However the users' networks would be the flip of that, so if I wanted a wireless subnet to have (out of the above values) 10 Mbps down and 2 Mbps up, that would actually be 10 Mbps Uplink and 2 Mbps download.

    So let's say I wanted to limit every single user on every single network to a max of 500 Kbps down and 128 Kbps up, when I look at the Download Throttling rule page for Bound to Interface: External (WAN) (up)...

    Does that flip perspective extend to the traffic selector rules for these interfaces when applied to Download Throttling?

    Because the Sophos configuration is overly complicated vs. practically every device on the planet it's difficult to articulate these questions and I probably didn't even write that correctly.  

    Now I'm frustrated again.

  • You're almost there, William.  Yes, Traffic Selectors, Bandwidth Pools and Download Throttling rules are all from the viewpoint of the Interface in question.  For example, traffic arriving from the Internet will be caught by a Selector like 'Internet -> {ports} -> External (Address)' at the External interface and by one like 'Internet -> {ports} -> Internal (Network)' when leaving the Internal interface.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
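
A toy model of the interface-viewpoint rule described in the reply above, added here as an illustration and not taken from the thread or from Sophos. It assumes outbound masquerading, so a download packet is still addressed to the External address when it arrives on the WAN side; all addresses and the function names are constructed.

```python
import ipaddress as ip

# Constructed addressing (assumption, not from the thread).
WAN_ADDR = ip.ip_address("203.0.113.10")   # stands in for External (Address)
BYOD_NET = ip.ip_network("10.20.0.0/24")   # stands in for BYOD Wired Network
ANY = ip.ip_network("0.0.0.0/0")           # stands in for Internet IPv4

# Traffic selectors as (source network, destination network); service is "Any".
SELECTORS = {
    "Internet -> Any -> External (Address)": (ANY, ip.ip_network("203.0.113.10/32")),
    "Internet -> Any -> BYOD Wired Network": (ANY, BYOD_NET),
    "BYOD Wired Network -> Any -> Internet": (BYOD_NET, ANY),
}

def views_of_download(server, client):
    """(src, dst) of one download packet as seen at each interface.

    Assumption: masquerading NAT, so the packet arrives on the External
    interface addressed to the WAN address and leaves the Internal
    interface addressed to the real client.
    """
    server, client = ip.ip_address(server), ip.ip_address(client)
    return {
        "External (in)": (server, WAN_ADDR),
        "Internal (out)": (server, client),
    }

def matching(src, dst):
    """Names of the selectors whose source and destination both match."""
    return [name for name, (s, d) in SELECTORS.items() if src in s and dst in d]

def selectors_per_interface(server, client):
    """Which selectors can catch the download packet at each interface."""
    return {iface: matching(src, dst)
            for iface, (src, dst) in views_of_download(server, client).items()}

if __name__ == "__main__":
    for iface, names in selectors_per_interface("198.51.100.7", "10.20.0.55").items():
        print(f"{iface}: {names}")
```

In this model, a selector whose destination is the BYOD subnet never matches at the External interface, only where the packet leaves the Internal interface, which is why the interface a rule is bound to and the selector's direction have to be chosen together.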