This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
arcotangente
Participant
‎2020-05-22 01:21 AM

Simple QoS rule not working

Hi, 

I'm trying to make a simple QoS rule work but not success.

The plan seems to be simple: we have an IPSEC tunnel between our Checkpoint gateway (4600, R80.10) and a third-party. 

QoS blade is enabled, and I've just put a couple or rules in place, one with the public IP of the third-party as source, and the other one with the IP as destination. The action is set to limit 30 Mbps as shown below:

qos.png

 

 

 

For some reason, this is not working, and the bandwidth used by that tunnel spikes up to 60 Mbps

Any help?

Thanks

0 Kudos
6 Replies
Timothy_Hall
Champion
Champion
‎2020-05-22 05:45 AM

Um no, when measured in BITS per second you have set an equivalent Limit of 240Mbit in your QoS rules.  The uppercase "B" indicates BYTES per second instead of bits.  For a 30Mbit limit you either need to change the existing Limit value from 30,000,000 to 3,750,000 or better yet change the QoS units of measure from bytes to bits on this screen of the Global properties to avoid further confusion:

QoS_Units.jpg

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
arcotangente
Participant
‎2020-05-22 07:19 AM
In response to Timothy_Hall

Ouch... 🙈

Just changed, I'll wait a few days to confirm it works and will update the thread.

Many thanks!!!

0 Kudos
arcotangente
Participant
‎2020-05-29 08:07 AM
In response to arcotangente

Working fine!

 

Many thanks @Timothy_Hall !!

0 Kudos
arcotangente
Participant
‎2020-06-11 12:29 AM
In response to Timothy_Hall

Hi again, 

I thought it was working but yesterday the IPSec tunnel spiked again, as shown in the graphic below, it reached 46.86 Mbps while limited to 30Mbps

 

Thanks

 

 
 

snip_20200611092420.pngsnip_20200611092736.png

 

0 Kudos
Timothy_Hall
Champion
Champion
‎2020-06-11 04:37 AM
In response to arcotangente

Based on your QoS rule, connections initiated from the PT_Global_ network are limited to 30Mbps, and connections initiated to the PT_Global_ network from elsewhere are separately limited to 30Mbps.  So in theory up to 60Mbps of bandwidth could be consumed at once depending on the direction of connection initiation.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
arcotangente
Participant
‎2020-06-11 05:02 AM
In response to Timothy_Hall

Hi Timothy, 

As you see in the bandwidth graphic, it spiked more than 46Mbps only upload (marked in the graphic as Inbound). In the other way (Download/ Outbound in the graphic),  there is just a little traffic. 

So for some reason, the QoS is not working at all. 

Thanks

0 Kudos