- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Dear colleagues,
I have a client request to implement bandwidth control per (IP/user), but I'm facing challenges in finding a solution.
If I use the bandwidth control in the rule base, it will limit the entire network to the defined value, which is not the desired outcome.
I'm currently testing with the QoS Blade and I've reviewed the guide, but the 'limit' function's exact purpose and operation aren't clear.
I conducted tests in a lab environment, and even with a limit set in QoS, the bandwidth continued to be used without restriction.
In other words, the 'limit' function doesn't seem to work for bandwidth control.
How can I achieve bandwidth control per connection/IP/user?
Is it possible to achieve this using the QoS Blade?
I have managed to get it working on R81.10 per IP. See below screenshot
Let me see if I can dig out some notes about this, because customer asked me about same subject few years ago and I know there was TAC case about it, but cant remember now what happened. If I find anything, will share.
Andy
Hello @the_rock thank you for your help!
Can you confirm whether the 'limit' function of the QoS blade is supposed to actually restrict bandwidth as defined, or does it have another purpose?
I configured it both in a lab and a client's production environment, and it didn't work as expected.
The guide doesn't make it clear what the intended application of this function is.
Based on below, it would appear so
Andy
https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/96089/FILE/CP_R80.40_QoS_AdminGuide.pdf
Limits
A limit specifies the maximum bandwidth that is assigned to all the connections together. A limit defines a
point after which connections below a rule are not allocated more bandwidth, even if there is surplus
bandwidth available.
Limits can also be defined for the sum of all connections in a rule or for individual connections within a rule.
For more information on weights, guarantees and limits, see Action Type.
Note - Bandwidth allocation is not fixed. As connections are opened and closed, QoS
continuously changes the bandwidth allocation to accommodate competing
connections, in accordance with the QoS Policy.
Btw, I set up qos in my lab again (latest jumbo on R81.20), so can do any testing you need.
Andy
I have the same issue as well, I have assigned a per connection limit for each rule in the QoS blade however it seems not to be working. Did you manage to have it working in R81.20?
Regards,
Salom
Sorry, been super busy, but can try today. Can you send how you configured it and I can give it a go as per same?
Andy
Please see attached.
Sorry, just have to do some Fortigate lab stuff, but will test in a bit.
Andy
Ok, I can multitask, so did below and works fine for me in R81.20
Andy
Thanks, I will log a TAC why it's not working on R81.10 before considering an upgrade to R81.20.
Regards,
Salom
I have managed to get it working on R81.10 per IP. See below screenshot
@Salom_Idhogela What is your source,single or networks. what is your 'Number of guaranteed connections'.Thanks!
Source is network block, number of guaranteed connections is per IP.
QoS blade can work per-IP, but this is unreliable if your hosts are dynamically-assigned. However, AppControl/URLF blade will work for user identities via access roles.
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 22 | |
| 17 | |
| 12 | |
| 10 | |
| 9 | |
| 9 | |
| 7 | |
| 7 | |
| 6 | |
| 5 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY