Hi, Sophos UTM (still like the name Astaro more :-)) has many great features, and this time I want to talk about Quality of Service. I won’t go too deep, but I’ll try to give some basic information on how to turn it on and use it in your UTM. QOS is all about giving your primary services priority on the network. Some services require a certain amount of bandwidth to work properly, e.g. VoIP, and others are just more important, e.g. SQL traffic is more important than YouTube traffic (if you’re not Google, that is).

There are several ways to use QOS. One is to reserve bandwidth for a protocol; this will reserve the bandwidth (and not use it for anything else). Useful for things like VoIP, but remember, if you reserve too much, you’re wasting bandwidth. Another option is to limit the traffic of a certain kind and/or direction. This limits a certain kind of traffic so it never uses more bandwidth than what you configured. Also a great tool for limiting Facebook or streaming media traffic.

These two are quite useful, but not very dynamic. There is also another option: Automatic QoS, which is a bit more elegant in my opinion. This option only starts shaping the network traffic if the traffic is near the configured max bandwidth of the interface/uplink, and it only drops packets from the biggest users of the bandwidth. This works fine with TCP since the packets will get retransmitted. The result is a fairer use of the bandwidth: the bulk users will be limited more than low-bandwidth users. It’s also possible to combine these options.

I will give a short example of how to activate these in UTM. First up is how to enable Automatic QoS, which is easy: log on to the admin console and navigate to Interfaces and Routing, Quality Of Service (QOS).


All the configured network cards are listed here; click Edit.


Make sure the correct downlink and uplink rates are entered. And make sure all check boxes are checked if you want to use QOS both ways. Save, and switch QOS on using the toggle switch.

Now let’s add some bandwidth for VoIP. First we need to create a traffic selector: on the same QOS page select the tab Traffic Selectors, New Traffic Selector.


Name: a name of course
Selector type: traffic selector
Source: in this example we use any, because we want to select traffic both ways (in and out). It is also possible to create 2 selectors, for inbound and outbound, or for any service between specified hosts. A lot of options here.
Service: in this example I used VoIP protocols.
Destination: any

Save, and now create a bandwidth pool. Select the Bandwidth Pools tab and, this is important, select the correct interface to bind to!


New Bandwidth pool.
Bandwidth: the amount of bandwidth to reserve for this traffic (remember, this won’t get used by any other traffic not matching the selected traffic selectors). Or specify an upper bandwidth limit; this limits all selected traffic selectors combined to this amount of bandwidth. Since it’s VoIP in this example, we reserve the bandwidth and select the correct traffic selectors.

Save, and turn the bandwidth pool on. I find these options really nice tools to use, especially in bandwidth-restricted environments!
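To see how the three options described at the start (reserved bandwidth, upper limit, Automatic QoS) interact, here is a small added example; it is not from the original post and not Sophos code. It is a simplified model, with a max-min fair share standing in for Automatic QoS, and the flow names and rates are constructed.

```python
# Simplified model of the three options (an assumption for illustration,
# not Sophos UTM's actual scheduler). All rates are in kbit/s.

def max_min_share(demands, capacity):
    """Automatic QoS model: nobody is touched while total demand fits;
    when it does not, the biggest users are cut back first."""
    alloc, remaining = {}, capacity
    pending = sorted(demands.items(), key=lambda kv: kv[1])
    while pending:
        fair = remaining / len(pending)
        name, want = pending[0]
        if want <= fair:            # small user: gets everything it asked for
            alloc[name] = want
            remaining -= want
            pending.pop(0)
        else:                       # everyone left wants more than the fair share
            alloc.update({n: fair for n, _ in pending})
            break
    return alloc

def shape(uplink, demands, reserved=None, limits=None):
    """reserved: flow -> guaranteed rate, unavailable to others even when idle
    (in this model a reserved flow is also capped at its reservation).
    limits: flow -> upper bandwidth limit."""
    reserved, limits = reserved or {}, limits or {}
    alloc = {n: min(demands.get(n, 0), r) for n, r in reserved.items()}
    shared = max(0, uplink - sum(reserved.values()))
    rest = {n: min(d, limits.get(n, d)) for n, d in demands.items()
            if n not in reserved}
    alloc.update(max_min_share(rest, shared))
    return alloc

def wasted(demands, reserved):
    """Reserved bandwidth that the reserved flows are not using."""
    return sum(r - min(demands.get(n, 0), r) for n, r in reserved.items())

# Constructed sample load on a 10 Mbit/s uplink.
DEMANDS = {"voip": 300, "sql": 1500, "backup": 9000, "youtube": 6000}

if __name__ == "__main__":
    print(shape(10000, DEMANDS))                      # automatic QoS only
    print(shape(10000, DEMANDS, reserved={"voip": 512},
                limits={"youtube": 2000}))            # all three combined
    print(wasted(DEMANDS, {"voip": 512}), "kbit/s reserved but idle")
```

With the sample load, the automatic-only run leaves VoIP and SQL untouched and cuts only the two bulk flows, while the combined run shows the cost of an oversized reservation as idle bandwidth.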


7 Comments


  2. Ahmed Essam

    Thank you very much. I have a small question, could you help me please? I want to use QoS on the external NIC. I have 4mb speed and I need only 2mb for internal users. How can I do it?

    thanks

    1. Eric Verdurmen

      Just follow this article, and either use the 2mb as reserved bandwidth value or as upper limit. The biggest thing for you is to choose the correct traffic selector (the correct protocol, source (IP or range) and target).

  3. Gary

    Awesome article, works like a charm!

  4. sam

    How can I verify that my QOS is working properly or not?

    1. Eric Verdurmen

      You can use the UTM flow monitor to watch the traffic flow for each protocol, then create network load; the numbers there should show if the QOS works according to your settings.

