Configuration of the UTM QoS
Last adaptation to the version: 12.6.0
New:
  • Updated for the redesign of the web interface
This article refers to a Resellerpreview


Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Network / QoS

Introduction

The automatic or user-defined bandwidth management can be edited under Network / QoS.


Only one mode can be used at a time.
Depending on the application, it makes sense to select one of the two modes.

Mode: Automatic


In "Automatic" mode, the prioritization information of the data packets is evaluated.
In addition, bandwidth management is possible in this mode: the maximum outgoing or incoming bandwidth can be set.

The note "Recommended" is shown on the interface to which the zone external is assigned. The interface can be edited by clicking Edit.


[Figure: dialog "Edit QoS for network interface", mode Automatic]

| Caption | Value | Description |
|---|---|---|
| Name: | LAN1 | Name of the interface |
| Mode: | Automatic | The previously selected mode |
| Downstream: | mbit/s | Set bandwidth for downloading. The limitation of the total traffic to 95% of the line capacity has proven itself. This leaves the queues of the provider and the local modem free. |
| Upstream: | mbit/s | Set bandwidth for uploading |
| Maximum host number: | | Maximum number of hosts among which the available bandwidth is to be divided. In any case, it is important to ensure that the number of hosts corresponds to the actual number. In case of doubt, more hosts should be specified than actually exist. |
| Save and close | | Saves the settings and closes the dialog |


Once the settings have been saved, the data packets are now automatically classified on the basis of the ToS (Type of Service) or DSCP (Differentiated Services Code Point) information. The priority of the individual data packets is therefore determined by the applications.
The traffic is split into three queues:

  • High Priority
  • Normal Priority
  • Low Priority


The queues are then processed with different priority.
The allocation is based on the following criteria:

| Priority | ToS field |
|---|---|
| High (Minimum delay) | 0xb8, 0x10 |
| Low (Maximum data throughput) | 0x08 |
| Normal | Everything else |
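
As an added illustration (not part of the original article and not Securepoint's own code), the following Python sketch reads the ToS byte from raw IPv4 headers and sorts constructed sample packets into the three queues from the table above. The function names, the sample packets and the comparison of the whole ToS byte against the listed values are assumptions.

```python
import struct
from collections import Counter

# ToS byte values from the table above; everything else is Normal.
HIGH_TOS = {0xB8, 0x10}  # 0xb8 = DSCP EF (46), 0x10 = legacy "minimum delay"
LOW_TOS = {0x08}         # legacy "maximum throughput"


def tos_of(packet: bytes) -> int:
    """Return the ToS/DS byte (header byte 1) of a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    return packet[1]


def queue_for(tos: int) -> str:
    """Map a ToS byte to a queue. Assumption: the whole byte is compared."""
    if tos in HIGH_TOS:
        return "High"
    if tos in LOW_TOS:
        return "Low"
    return "Normal"


def describe(packet: bytes) -> dict:
    """Show the ToS byte, its DSCP/ECN parts and the resulting queue."""
    tos = tos_of(packet)
    return {"tos": hex(tos), "dscp": tos >> 2, "ecn": tos & 0x03,
            "queue": queue_for(tos)}


def ipv4_header(tos: int, proto: int = 17) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, proto, 0,
                       bytes([192, 168, 175, 10]), bytes([203, 0, 113, 5]))


# Constructed sample: EF-marked VoIP, low delay, bulk, unmarked, AF41.
SAMPLE = [ipv4_header(t) for t in (0xB8, 0x10, 0x08, 0x00, 0x88)]


def tally(packets) -> Counter:
    """Count how many packets land in each queue."""
    return Counter(queue_for(tos_of(p)) for p in packets)


if __name__ == "__main__":
    for p in SAMPLE:
        print(describe(p))
    print(dict(tally(SAMPLE)))
```

Because the marking is set by the sending application, running such a tally over a capture from the internal network shows which hosts actually place traffic in the High queue.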


Mode: User-defined


In "User-defined" mode, the bandwidth can be managed with the help of parent and child profiles. It is also possible to limit the bandwidth in the portfilter rules for specific services.
It is important to enter the actual bandwidth and not the figure the provider states with the addition "up to". Because the bandwidth that is actually available can fluctuate strongly depending on the time of day, the values that the provider specifies as the minimum available bandwidth must be entered here.


Profiles

At this point it is important to be aware of the direction in which the data flows. The queue for bandwidth limiting is always attached to the interface on which the host that is to receive the data is located. The queue is defined in the parent profile.
Profiles can be created under Network / QoS, area Profiles, button Add QoS profile:
  • First, the parent profile must be created.
  • Push the button to create the profile and close the dialog.
[Figure: dialog "Edit QoS profiles", parent profile]
  • Second, the child profile must be created.
  • The previously created parent profile can now be selected from the drop-down menu as Parent:.
  • Push the button to create the profile and close the dialog.
[Figure: dialog "Edit QoS profiles", child profile]
  • Both profiles are now displayed as connected in the profile overview.
  • The parent profile defines the total bandwidth; the child profile defines the bandwidth that must be available for the rule created later.
[Figure: profile overview]
  • Then switch to the Network interfaces tab.
  • Here the desired network interface for the parent profile can be selected and edited.
  • Click Save to assign the parent profile.
[Figure: dialog "Edit QoS for network interface", select network interface]
  • If all settings were successful, the overview now shows "Upload-Parent" behind the assigned network interface.
  • Click Save to finally create and set the parent-child profile.
[Figure: network interfaces overview]

Regulate upload or download

If the upload or download is to be regulated, a parent and a child profile are required:
  • A parent-child profile for the upload must be created as already explained above.
  • In the case of a parent-child profile that deals with the download, the download bandwidth promised by the provider must be entered.
  • In the child profile, which regulates the download, identical values must be entered for Min: and Max:.
There are no options to regulate upload and download at the same time in manual mode.
[Figure: profiles for upload and download]

Packetfilter rules

Finally, under Firewall / Packetfilter, click the button Add rule to create a suitable packetfilter rule.
A packetfilter rule is required, which for QoS always has "internal-network" as the source and "internet" as the destination.


[Figure: dialog "Add rule", Upload-Child packetfilter rule]

| Section | Caption | Value | Description |
|---|---|---|---|
| General | Source: | internal-network | Select source of data packets |
| General | Destination: | internet | Select destination of data packets |
| General | Service: | voip | Select desired service |
| General | Action: | QoS | Allows to specify a "Quality of Service" profile that limits the bandwidth for data packets to which this rule applies. |
| Extras | QoS: | Upload-Child | Select the previously created profile |
| | Save and close | | Saves the settings and closes the dialog |

Click Update rules to apply the rules.


The packet filter rules for download and upload, if available, then look as follows:

| Source | Destination | Service | QoS | Action | Active |
|---|---|---|---|---|---|
| internal-network | internet | voip | Download-Child | QoS | On |
| internal-network | internet | voip | Upload-Child | QoS | On |


These rules are only additional rules for bandwidth management.
In any case, additional packetfilter rules must be created or exist to allow traffic between source and destination with the required ports.

Help for this can be found under Packetfilter.