Sophos UTM QOS
Hi, Sophos UTM (still like the name Astaro more:-)) has many great features and this time I wanted to talk about Quality Of Service. I won’t go in to deep, but I’ll try to give some basic information on how to turn in on an use it in you’re UTM. QOS is all about giving your primary services priority on the network. Some services require a certain amount of bandwidth to work properly, i.e. VoIP, and others are just more important, i.e. SQL traffic is more important than YouTube traffic (if you’re not Google that is).
There are several ways to use QOS, one is to reserve bandwith for a protocol, this will reserve the bandwith (and not use it for anything else). Usefull for things like Voip, but remember, if you reserve too much, You’re wasting bandwidth. Another option is to limit the traffic of a certain kind and/or direction. This limits certain kind of traffic so it never utilizes more bandwidth than what you configured. Also a great tool for limiting Facebook or streaming media traffic. These 2 are quite useful, but not very dynamic. There is also another option: Automatic QoS, which is a bit more elegant in my opinion. This option only starts the shaping the network traffic if the traffic is near the configured max bandwidth of the interface/uplink. And only drop the packets from the biggest users of the bandwidth. Works fine with tcp since the packets will get retransmitted. This will result in a more fair use of the bandwidth, the bulk users will be limited more than low bandwidth users. It’s also possible to combine these options. I will give a short example on how to activate these in UTM. First up is how to enable Automatic QoS, which is easy, logon to the admin console, navigate to Interfaces and Routing, Quality Of Service (QOS).
All the configures network cards are listed here, click edit:
Make sure the correct downlink and uplink rates are entered. And make sure all check boxes are checked if you want to use QOS both ways. Save, and switch QOS on using the toggle switch.
Now lets add some bandwidth for VoIP, first we need to create a traffic selector, on the same QOS page select the tab Traffic Selectors, New Traffic Selector.
Name: a name of course
selector type: traffic selector
source: in this example we use any, because we want to select traffic both ways. (in and out) It is also possible to create 2 selectors, for inbound and outbound, or any service between specified hosts. A lot of options here.
Service: in this example I used VoIP protocols.
Destination: any
Save, and now create a bandwidth pool. Select the Bandwidth pools tab and this is important. Select the correct interface to bind to!
New Bandwidth pool.
Bandwidth: The amount of bandwidth to reserve for this traffic (remember, this won’t get used by any other traffic not matching the selected traffic selectors. Or Specify Upper bandwidth limit, this limits all selected traffic selectors combined to this amount of bandwidth. Since it’s VoIP in this example, we reserve the bandwidth and select the correct traffic selectors.
Save, and turn the bandwidth pool on. I find these options really nice tools to use, especially in bandwidth restricted environments!