A traffic selector can be regarded as a QoS definition which describes certain types of network traffic to be handled by QoS. These definitions later get used inside the bandwidth pool definition. There you can define how this traffic gets handled by QoS, like limiting the overall bandwidth or guarantee a certain amount of minimum bandwidth.
To create a traffic selector, proceed as follows:
On the Traffic Selector tab, click New Traffic Selector.
The Add Traffic Selector dialog box opens.
Make the following settings:
Name: Enter a descriptive name for this traffic selector.
Selector type: You can define the following types:
Source: Add or select the source network for which you want to enable QoS.
Service: Only with Traffic selector. Add or select the network service for which you want to enable QoS. You can select among various predefined services and service groups. For example, select VoIP protocols (SIP and H.323) if you want to reserve a fixed bandwidth for VoIP connections.
Destination: Add or select the destination network for which you want to enable QoS.
Tip – How to add a definition is explained on the Definitions & Users > Network Definitions > Network Definitions page.
Control by: Only with Application selector. Select whether to shape traffic based on its application type or by a dynamic filter based on categories.
Control these applications/categories: Only with Application selector. Click the Folder icon to select applications/categories. A dialog window opens, which is described in detail in the next section.
Productivity: Only with Dynamic filter. Reflects the productivity score you have chosen.
Risk: Only with Dynamic filter. Reflects the risk score you have chosen.
Note – Some applications cannot be shaped. This is necessary to ensure a flawless operation of Sophos UTM. Such applications miss a checkbox in the application table of the Select Application dialog window, e.g. WebAdmin, Teredo and SixXs (for IPv6 traffic), Portal (for User Portal traffic), and some more. When using dynamic filters, shaping of those applications is also prevented automatically.
Comment (optional): Add a description or other information.
Optionally, make the following advanced settings:
TOS/DSCP (only with selector type Traffic Selector): In special cases it can be useful to distinguish traffic to be handled by QoS not only by its source, destination, and service but additionally based on its TOS or DSCP flags in the IP header.
TOS bits: Select this option if you want to restrict the traffic handled by QoS to IP packets with specific TOS bits (Type of Service) settings. You can choose between the following settings:
Amount of data sent/received: Select the checkbox if you want the traffic selector to match based on the amount of bytes transferred by a connection so far. With this feature you can e.g. limit the bandwidth of large HTTP uploads without constraining regular HTTP traffic.
Helper: Some services use dynamic port ranges for data transmission. For each connection, the ports to be used are negotiated between the endpoints via a control channel. Sophos UTM uses a special connection tracking helper monitoring the control channel to determine which dynamic ports are being used. To include the traffic sent through the dynamic ports in the traffic selector, select Any in the Service box above, and select the respective service from the Helper drop-down list.
The new selector appears on the Traffic Selectors list.
If you defined many traffic selectors, you can combine multiple selectors inside a single traffic selector group, to make the configuration more convenient.
This traffic selector or traffic selector group can now be used in each bandwidth pool. These pools can be defined on the Bandwidth Pools tab.
When creating application control rules you need to choose applications or application categories from a dialog window called Select one or more applications/categories to control.
The table in the lower part of the dialog window displays the applications you can choose from or which belong to a defined category. By default, all applications are displayed.
The upper part of the dialog window provides three configuration options to limit the number of applications in the table:
Tip – Each application has an Info icon which, when clicked, displays a description of the respective application. You can search the table by using the filter field in the table header.
Now, depending on the type of control you selected in the Create New Traffic Selector dialog box, do the following:
After clicking Apply, the dialog window closes and you can continue to edit the settings of your traffic selector rule.
|© 2019 Sophos Limited
|Sophos UTM 9.600