- Local User Groups
and thanks in advance for any replies. We are looking at limiting a single interface; we have a part of a network that we want on 150 or 200 Mbps, and it's connected to one of the gateways through a single interface.
We are not currently using QoS, so and I am looking for an easy way to implement that. There are some QoS guides out there that describe policing, but as part of full setup. Can anyone please point me towards something more condensed?
I think you can use fw samp to do what you want, see:
Using this command you can set bandwidth/connection quotas that are efficiently enforced by SecureXL; this mechanism is vastly preferred to the Network Quota IPS signature which kills practically all SecureXL acceleration on the gateway. Unfortunately you cannot directly specify a certain interface for enforcement in the matching criteria, but hopefully you could do the same thing with carefully selected source and/or destination networks in your fw samp statement.
will play with this in our test environment and share my experience here. Might be some time though, I'm off for a week and busy with other projects, I will update as soon as possible.
The QoS blade is now a possibility to do this as long as R80.20+ is in use on the gateway. In R80.10 and earlier switching on QoS would cause practically all traffic to hit the QXL path, and cause a lot of overhead in the firewall along with some other odd problems. Definitely not recommended to use QoS on R80.10 and earlier in most cases.
Sounds like QoS blade is your solution 🙂
Simple, take a look at the configuration in Smartconsole, it is an extra blade configuration.
That's the absolute truth Timothy.
But I think now it's time for newer releases like R80.20 or R80.30 😉
We use QoS with R80.30 and it works fine too with the acceleration features.