QoS in Sophos UTM never seems to work, at least not for download throttling.

A few years ago we deployed a Sophos SG330 currently with the latest version of Sophos UTM 9 and since day 1 it's never been able to throttle users. We've put in calls to 'premium' support and quite frankly their support is typically laughable unless you get through to a few folks in the Vancouver office, but even then they're just as confused about how to make this work as you are and you wind up confusing each other. As such, nothing accomplished.

We have a site that's at the end of the renewal period and we're probably not going to renew since a) the support people don't know the equipment and b) the equipment doesn't work very well (it can't block Ultrasurf like competitive products, for example, and this issue as well).


With that being said, we have an issue where one person can destroy the experience for everyone as the out of the box capabilities cannot fairly share the internet nor can we get the download throttling to work so I figured I'd come here and see if any of the experts know the equipment better than the support people.

 

Traffic selectors

BYOD Wired Downloading

Internet IPv4 -> Any -> BYOD Wired Network (subnet)

 

BYOD Wired Uploading

BYOD Wired Network (subnet) -> Any -> Internet IPv4

 

Download Throttling Rules

Maximum Bandwidth Down Per User:

Limit: 256 kbit/s for each source/destination pair

Traffic selectors:

BYOD Wired Downloading

 

Maximum Upload Per User

Limit: 128 kbit/s for each source/destination pair

Traffic selectors:

BYOD Wired Uploading

 

This is enabled and doesn't do anything.

There's a possibility I have the direction flipped but regardless, no one is limited to 256 or 128 Kbps, rather they can go full throttle 70 Mbps if they want either up or down. We've had to enable QoS on the wireless APs because Sophos isn't as easily configurable, however this won't work for us with the wired.

We did set up QoS on the HP / Aruba switches but of course one of my network guys says, "Why are you doing this on all of these switches, you have equipment that's sold as having this capability... if it's not working, go to another company." So one last kick at the can.

Any and all help would be appreciated.



  • I realize you are venting but remember, this is mostly a user-to-user board. Call support and yell at them if you have frustrations. Did you RTFM? [:^)] Did you try bandwidth throttling directly from flow monitor? Did you try to throttle Ultrasurf with application control?

    William Gault said:

    A few years ago we deployed a Sophos SG330 currently with the latest version of Sophos UTM 9 and since day 1 it's never been able to throttle users.

    You deployed SG330 and you didn't know that QoS didn't work? We are currently deploying XG at a friend's place of work. I have been beta testing XG since v15 and pretty much know everything there is to know about XG, but the reseller is setting up everything, showing us how everything is done from writing rules to connecting ports and also what kind of after sales support we can get from him while we are trying the appliance for 30 days.

    William Gault said:
     

    Because the Sophos configuration is overly complicated vs. practically every device on the planet it's difficult to articulate these questions and I probably didn't even write that correctly.  

    Like which device? Your netgear router at home? Untangle? Please...

    Go threaten sophos directly that you are not going to renew your contract because nobody on this board really cares.

  • Billybob said:

    Go threaten sophos directly that you are not going to renew your contract because nobody on this board really cares.

     

     
    Clearly. I was expecting a community of technical people like BAlfson but now that I know it's also hosting assholes with nothing useful to contribute, I'll keep that in mind. I suppose it's on par with Sophos support.
     
    Since the only person with technical insight seems to be  I'll continue with him in PM's.
     
     
  • So this is apparent:

    • You were obviously kept out of the loop on deployment.
    • You didn't know and still don't know how the software works.
    • You call technical support because you are too lazy to read the manual.
    • Even technical support can't help an ignoramus.
    • You clicked a few buttons and enabled guest wifi like your home router without realizing that guests can and will stream youtube in 4k that will choke your WAN.
    • Since  held your hand like the ignorant fool that you are, he is a professional.

    And I am the asshole? [:D]

    I feel sorry for the people that have to deal with you to get their work done on the internet. Good thing you have sophos to blame. You are right, you need to stick with PMs because

    “It's better to keep your mouth shut and appear stupid than open it and remove all doubt”


    ― Mark Twain

  • Billybob said:

    And I am the asshole?

    No, worse, you're a juvenile asshole with zero technical knowledge considering your only contribution is trolling. It's great that you had someone with technical insight that was able to configure your Sophos equipment for you but that knowledge does nothing for me.

    Fortunately there are alternative forums with technically minded folk that have insight into Sophos products and I've redirected my communications there.

    Consider this case closed. Cheers!  [:D]