Sophos UTM QoS part II
I wrote a blog post about using QoS in UTM, in which I described using QoS to guarantee, limit or more equally share the available bandwidth. As some of you might have noticed, there are more tabs available in the QoS section. Let’s get into one of those: download throttling!
The QoS options described earlier can be used to better utilize the available bandwidth. They can be used on a WAN/Internet connection, but they can also be very useful for managing the traffic to a remote location or even between segments. The last option is download throttling. I think this option is very useful for limiting internet access, especially on WiFi guest networks.
In a lot of organizations, a free open wireless network is available for visitors. This is very useful, and I must say, I appreciate and use them a lot. One way to make sure the guests don’t use up all the available internet bandwidth is to limit the maximum rate for all users and turn on the bandwidth equalizer (as discussed in the previous article).
Download throttling offers a more aggressive method of limiting certain traffic. Using the same traffic selectors as mentioned before, one can select a certain kind of traffic, in this instance media streaming. You can allow, for example, 100 MB of media streaming traffic; once this quota is reached for a single guest, only the throttled speed is given to that guest for streaming media.
To configure this, create a new traffic selector. In this case the source is Internet IPv4, the service is Media Stream and the target is the wireless guest network.
You can also switch the traffic selector to use application-specific selectors; these are predefined selectors for a lot of known applications. Expand Advanced and enter the desired limit after which the bandwidth throttle should be activated. This maximum is part of the selector.
Save, then select the Download Throttling tab. Select the correct interface to bind to; in this case it should be the wireless guest network interface. Click on new throttling rule and fill in the name and the limit in kbit/s. For the limit, note that you can choose between:
- shared: The limit is equally distributed between all existing connections. I.e., the overall download rate of the traffic defined by this rule is limited to the specified value.
- each source address: The limit applies to each particular source address.
- each destination address: The limit applies to each particular destination address.
- each source/destination: The limit applies to each particular pair of source and destination address.
Select the correct traffic selector and save.
The only thing left is enabling the throttle rule.
And you’re done!
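The four limit options differ in which connections share one limit. The following sketch is an added illustration, not Sophos code and not part of the original post: it groups constructed download flows (Internet source, guest destination) by each option's key and computes upper bounds. The addresses, the 512 kbit/s value and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample download flows: (source on the Internet, guest destination).
FLOWS = [
    ("203.0.113.10", "10.0.50.21"),
    ("203.0.113.10", "10.0.50.22"),
    ("198.51.100.7", "10.0.50.21"),
    ("198.51.100.7", "10.0.50.21"),  # second connection, same pair
    ("198.51.100.9", "10.0.50.23"),
]

# Which connections share one limit under each option from the list above.
MODE_KEYS = {
    "shared": lambda src, dst: "all",
    "each source address": lambda src, dst: src,
    "each destination address": lambda src, dst: dst,
    "each source/destination": lambda src, dst: (src, dst),
}

def buckets(flows, mode):
    """Group flows into the sets that share a single limit."""
    grouped = defaultdict(list)
    for src, dst in flows:
        grouped[MODE_KEYS[mode](src, dst)].append((src, dst))
    return dict(grouped)

def worst_case_total(flows, mode, limit_kbit):
    """Upper bound on the aggregate throttled rate: one limit per bucket."""
    return limit_kbit * len(buckets(flows, mode))

def per_guest_ceiling(flows, mode, limit_kbit):
    """Upper bound per guest: sum of the limits of the buckets it appears in."""
    ceiling = defaultdict(int)
    for members in buckets(flows, mode).values():
        for guest in {dst for _, dst in members}:
            ceiling[guest] += limit_kbit
    return dict(ceiling)

if __name__ == "__main__":
    LIMIT = 512  # kbit/s, assumed value for the example
    for mode in MODE_KEYS:
        print(f"{mode:26} total <= {worst_case_total(FLOWS, mode, LIMIT):5} kbit/s  "
              f"per guest <= {per_guest_ceiling(FLOWS, mode, LIMIT)}")
```

In this model, with the Internet as source and the guest network as destination, "each destination address" is the option that caps every guest at one limit, while the source-keyed options let a guest who streams from several servers exceed it.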
This is just a simple example of the basics of download throttling. Just take a good look at all the options available. I won’t go as far as to say that the possibilities are endless, but it would take quite some time to describe them all 😉