This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bernardes
Advisor
Advisor
‎2023-08-21 03:02 PM
Jump to solution

QoS Bandwith Control per User/IP

Dear colleagues,

I have a client request to implement bandwidth control per (IP/user), but I'm facing challenges in finding a solution.

If I use the bandwidth control in the rule base, it will limit the entire network to the defined value, which is not the desired outcome.

I'm currently testing with the QoS Blade and I've reviewed the guide, but the 'limit' function's exact purpose and operation aren't clear.

I conducted tests in a lab environment, and even with a limit set in QoS, the bandwidth continued to be used without restriction.

In other words, the 'limit' function doesn't seem to work for bandwidth control.

How can I achieve bandwidth control per connection/IP/user?

Is it possible to achieve this using the QoS Blade?

0 Kudos
1 Solution

Accepted Solutions
Salom_Idhogela
Collaborator
‎2023-09-01 03:10 AM
In response to the_rock
Jump to solution

I have managed to get it working on R81.10 per IP. See below screenshot

Qos 1.png

View solution in original post

0 Kudos
12 Replies
the_rock
Legend
Legend
‎2023-08-21 03:15 PM
Jump to solution

Let me see if I can dig out some notes about this, because customer asked me about same subject few years ago and I know there was TAC case about it, but cant remember now what happened. If I find anything, will share.

Andy

Bernardes
Advisor
Advisor
‎2023-08-22 05:27 AM
In response to the_rock
Jump to solution

Hello @the_rock thank you for your help!

Can you confirm whether the 'limit' function of the QoS blade is supposed to actually restrict bandwidth as defined, or does it have another purpose?

I configured it both in a lab and a client's production environment, and it didn't work as expected.

The guide doesn't make it clear what the intended application of this function is.

0 Kudos
the_rock
Legend
Legend
‎2023-08-22 05:37 AM
In response to Bernardes
Jump to solution

Based on below, it would appear so

Andy

https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/96089/FILE/CP_R80.40_QoS_AdminGuide.pdf

 

Limits
A limit specifies the maximum bandwidth that is assigned to all the connections together. A limit defines a
point after which connections below a rule are not allocated more bandwidth, even if there is surplus
bandwidth available.
Limits can also be defined for the sum of all connections in a rule or for individual connections within a rule.
For more information on weights, guarantees and limits, see Action Type.
Note - Bandwidth allocation is not fixed. As connections are opened and closed, QoS
continuously changes the bandwidth allocation to accommodate competing
connections, in accordance with the QoS Policy.

0 Kudos
the_rock
Legend
Legend
‎2023-08-22 06:18 AM
In response to Bernardes
Jump to solution

Btw, I set up qos in my lab again (latest jumbo on R81.20), so can do any testing you need.

Andy

Salom_Idhogela
Collaborator
‎2023-08-30 06:33 AM
In response to the_rock
Jump to solution

I have the same issue as well, I have assigned a per connection limit for each rule in the QoS blade however it seems not to be working. Did you manage to have it working in R81.20?

 

Regards,

Salom

0 Kudos
the_rock
Legend
Legend
‎2023-08-30 06:54 AM
In response to Salom_Idhogela
Jump to solution

Sorry, been super busy, but can try today. Can you send how you configured it and I can give it a go as per same?

Andy

0 Kudos
Salom_Idhogela
Collaborator
‎2023-08-30 07:28 AM
In response to the_rock
Jump to solution

Please see attached.

QoS.png

0 Kudos
the_rock
Legend
Legend
‎2023-08-30 07:40 AM
In response to Salom_Idhogela
Jump to solution

Sorry, just have to do some Fortigate lab stuff, but will test in a bit.

Andy

the_rock
Legend
Legend
‎2023-08-30 07:50 AM
In response to Salom_Idhogela
Jump to solution

Ok, I can multitask, so did below and works fine for me in R81.20

Andy

 

 

Screenshot_1.png

 

Salom_Idhogela
Collaborator
‎2023-08-31 02:19 AM
In response to the_rock
Jump to solution

Thanks, I will log a TAC why it's not working on R81.10 before considering an upgrade to R81.20.

 

Regards,

Salom

0 Kudos
Salom_Idhogela
Collaborator
‎2023-09-01 03:10 AM
In response to the_rock
Jump to solution

I have managed to get it working on R81.10 per IP. See below screenshot

Qos 1.png

0 Kudos
Duane_Toler
Advisor
‎2023-08-30 07:23 AM
In response to Bernardes
Jump to solution

QoS blade can work per-IP, but this is unreliable if your hosts are dynamically-assigned.  However, AppControl/URLF blade will work for user identities via access roles.

 

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top