Throttle SSL VPN Bandwidth per user

Hello,

I was wondering, is there a way to restrict bandwidth usage on a user-by-user basis with SSL VPN users? I already have a QoS rule in place limiting each user to 2m down, but I want some users to have a little more or a little less. Is this possible? I've been looking everywhere and can't find anything about it.



  • I've just had a very brief look as I'm off out. Obviously, it would require a bandwidth pool and I looked to see if the source on a bandwidth tool would take a "User network" and it did.

    If so (and if it works), you could in theory limit X application or whatever to X bandwidth for X user. Never tried it but might give it a shot tomorrow when I get a little more time.

  • I did see that it would take a user network, but since these are OpenVPN clients and thus will get their IPs from DHCP, I cannot guarantee they will get the same IP and therefore not the same throttling.  As far as I know you cannot create DHCP reservations for SSL clients.  Plus it would create a great amount of overhead having to manually add each separate user device's MAC if static IP reservation were possible.

    I was hoping there was a way to do this per account, as all accounts will be stored locally on the UTM device, and while still creating a good amount of overhead, would be much simpler in implementation.  Though if I am reading wrong and static IP reservation is indeed possible on SSL clients, I will do that as well.

  • That's not how it works, SoulDragon.  When Mark logs into the SSL VPN, he is assigned an IP out of "VPN Pool (SSL)" and the "Mark (User Network)" object is populated with that IP.  No static assignments required - just use the "Mark (User Network)" object in the QoS rules.  Remember to place the user-specific rules above those that apply generally.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Excellent!  Thanks for pointing that out. Sometimes the simple things pass you by :)

    I will try this, thank you very much for the suggestion.