- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Dear colleagues,
I have a client request to implement bandwidth control per (IP/user), but I'm facing challenges in finding a solution.
If I use the bandwidth control in the rule base, it will limit the entire network to the defined value, which is not the desired outcome.
I'm currently testing with the QoS Blade and I've reviewed the guide, but the 'limit' function's exact purpose and operation aren't clear.
I conducted tests in a lab environment, and even with a limit set in QoS, the bandwidth continued to be used without restriction.
In other words, the 'limit' function doesn't seem to work for bandwidth control.
How can I achieve bandwidth control per connection/IP/user?
Is it possible to achieve this using the QoS Blade?
I have managed to get it working on R81.10 per IP. See below screenshot
Let me see if I can dig out some notes about this, because customer asked me about same subject few years ago and I know there was TAC case about it, but cant remember now what happened. If I find anything, will share.
Andy
Hello @the_rock thank you for your help!
Can you confirm whether the 'limit' function of the QoS blade is supposed to actually restrict bandwidth as defined, or does it have another purpose?
I configured it both in a lab and a client's production environment, and it didn't work as expected.
The guide doesn't make it clear what the intended application of this function is.
Based on below, it would appear so
Andy
https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/96089/FILE/CP_R80.40_QoS_AdminGuide.pdf
Limits
A limit specifies the maximum bandwidth that is assigned to all the connections together. A limit defines a
point after which connections below a rule are not allocated more bandwidth, even if there is surplus
bandwidth available.
Limits can also be defined for the sum of all connections in a rule or for individual connections within a rule.
For more information on weights, guarantees and limits, see Action Type.
Note - Bandwidth allocation is not fixed. As connections are opened and closed, QoS
continuously changes the bandwidth allocation to accommodate competing
connections, in accordance with the QoS Policy.
Btw, I set up qos in my lab again (latest jumbo on R81.20), so can do any testing you need.
Andy
I have the same issue as well, I have assigned a per connection limit for each rule in the QoS blade however it seems not to be working. Did you manage to have it working in R81.20?
Regards,
Salom
Sorry, been super busy, but can try today. Can you send how you configured it and I can give it a go as per same?
Andy
Please see attached.
Sorry, just have to do some Fortigate lab stuff, but will test in a bit.
Andy
Ok, I can multitask, so did below and works fine for me in R81.20
Andy
Thanks, I will log a TAC why it's not working on R81.10 before considering an upgrade to R81.20.
Regards,
Salom
I have managed to get it working on R81.10 per IP. See below screenshot
@Salom_Idhogela What is your source,single or networks. what is your 'Number of guaranteed connections'.Thanks!
Source is network block, number of guaranteed connections is per IP.
QoS blade can work per-IP, but this is unreliable if your hosts are dynamically-assigned. However, AppControl/URLF blade will work for user identities via access roles.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
16 | |
11 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY