This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
arcotangente
Participant
‎2020-05-22 01:21 AM

Simple QoS rule not working

Hi, 

I'm trying to make a simple QoS rule work but not success.

The plan seems to be simple: we have an IPSEC tunnel between our Checkpoint gateway (4600, R80.10) and a third-party. 

QoS blade is enabled, and I've just put a couple or rules in place, one with the public IP of the third-party as source, and the other one with the IP as destination. The action is set to limit 30 Mbps as shown below:

qos.png

 

 

 

For some reason, this is not working, and the bandwidth used by that tunnel spikes up to 60 Mbps

Any help?

Thanks

0 Kudos
6 Replies
Timothy_Hall
Legend Legend
Legend
‎2020-05-22 05:45 AM

Um no, when measured in BITS per second you have set an equivalent Limit of 240Mbit in your QoS rules.  The uppercase "B" indicates BYTES per second instead of bits.  For a 30Mbit limit you either need to change the existing Limit value from 30,000,000 to 3,750,000 or better yet change the QoS units of measure from bytes to bits on this screen of the Global properties to avoid further confusion:

QoS_Units.jpg

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
arcotangente
Participant
‎2020-05-22 07:19 AM
In response to Timothy_Hall

Ouch... 🙈

Just changed, I'll wait a few days to confirm it works and will update the thread.

Many thanks!!!

0 Kudos
arcotangente
Participant
‎2020-05-29 08:07 AM
In response to arcotangente

Working fine!

 

Many thanks @Timothy_Hall !!

0 Kudos
arcotangente
Participant
‎2020-06-11 12:29 AM
In response to Timothy_Hall

Hi again, 

I thought it was working but yesterday the IPSec tunnel spiked again, as shown in the graphic below, it reached 46.86 Mbps while limited to 30Mbps

 

Thanks

 

 
 

snip_20200611092420.pngsnip_20200611092736.png

 

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-06-11 04:37 AM
In response to arcotangente

Based on your QoS rule, connections initiated from the PT_Global_ network are limited to 30Mbps, and connections initiated to the PT_Global_ network from elsewhere are separately limited to 30Mbps.  So in theory up to 60Mbps of bandwidth could be consumed at once depending on the direction of connection initiation.

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
arcotangente
Participant
‎2020-06-11 05:02 AM
In response to Timothy_Hall

Hi Timothy, 

As you see in the bandwidth graphic, it spiked more than 46Mbps only upload (marked in the graphic as Inbound). In the other way (Download/ Outbound in the graphic),  there is just a little traffic. 

So for some reason, the QoS is not working at all. 

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events