
How to create QoS rule to limit bandwidth per user

Friends,

I need your support in configuring QoS policy on GAiA R80.10.

We have a specific requirement. We need to create a rule to limit bandwidth per user.

In our scenario we have about 3000 users. Our management decided to give users some limit when they use the internet. For example, 10Mbps per user.

In the QoS blade I see I can create rules to limit sources: per network object, per host object, but how to do it per user? I cannot create 2000-3000 hosts manually for all users, correct? It is not logical :).

I am sure you have faced such requirements before and can give me good advice?

Many thanks

9 Replies

Re: How to create QoS rule to limit bandwidth per user

I think you should create a rule for bandwidth control of applications like video streams and FTP, SFTP...

0 Kudos

Re: How to create QoS rule to limit bandwidth per user

Vladimir
Pearl

Re: How to create QoS rule to limit bandwidth per user

Something like this should work for simple bandwidth limitations:

You do not have to use the content awareness, so long as you have a category and limits defined to your satisfaction.

0 Kudos

Re: How to create QoS rule to limit bandwidth per user

An APCL limit like this will work, but the limit will be shared by all traffic matching the rule.  It will not be per user.  The thread linked by Gunther should be helpful to Gareth.

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com


Re: How to create QoS rule to limit bandwidth per user

Hi!

APCL limits work per rule, not per user. It means all objects in the rule will share the limit that you set in a single rule. In fact, you may create a rule and specify one host object - this will be a rule with the limit for one user only. But it will not solve your problem because you want to set the limit for each user in the network, and there are several thousand of them, as you describe.

Timothy Hall, I did some research and many NGFWs on the market have a Per-IP/Per-User Traffic Limit. Is this something technologically hard to achieve in the QoS blade, or is there a specific reason why CP is not doing it?

BR

Vato

0 Kudos

Re: How to create QoS rule to limit bandwidth per user

The lack of per-user QoS is probably due to the following sequence of events:

- QoS/Floodgate-1 feature was used a fair amount in releases prior to R70

- In R70 CoreXL was introduced but was incompatible with the QoS blade

- As a result QoS blade falls into disuse (penalty box)

- Identity Awareness (IA) is introduced in version R75 while QoS is still used very rarely, so there is really no need to update QoS for IA

- APCL is introduced around the same time as IA and has its own Limit feature to help compensate for QoS being in the penalty box

- CoreXL/QoS conflict is resolved in R77.10 and later, but practically no one is using QoS at this point due to the longstanding incompatibility with CoreXL

This sounds like a good candidate for an RFE though, talk to your Check Point SE or submit it here:  http://www.checkpoint.com/rfe/rfe.htm

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

0 Kudos
Vladimir
Pearl

Re: How to create QoS rule to limit bandwidth per user

I'm with you 100% on the need for RFE, but going through the list of products there, I do not even see QoS as one of the options.

In addition to IA in QoS, I'd like to see the Domain objects, namely FQDN objects fully supported there. 

0 Kudos

Re: How to create QoS rule to limit bandwidth per user

Pretty sure QoS is now part of the Advanced Networking Blade (ADN) which is in the list on that RFE page.

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Vladimir
Pearl

Re: How to create QoS rule to limit bandwidth per user

Thank you for the pointer!

I'll post my requests in the ADN section.