0

I want to limit the bandwidth of each "user" on my Cyberroam firewall. This normally works with QoS, but the problem here is, that my users aren't logged into the firewall, which (afaik) needs to be the case, to do 'user based QoS' on a Cyberroam Firewall.

I cannot (and wouuldn't want to) create a user for every person on the network, but still want to limit their WAN-Bandwidth somehow. Ideally something IP or MAC based, but I have no idea how to achieve this with my FW.

There is an option of 'Firewall rule' based QoS Policy, but if this is, what it seems like to be, then it just limits all traffic over the FW rule itself.

Can someone help me with establishing a per user bandwidth limit on a Cyberroam CR35iNG, with nothing to do from the user-side?

dCSeven
  • 115
  • 5

1 Answers1

0

As I see it, you cannot go another route.

If you do not want to create Users, there is no real way to shape their bandwidth. The QoS rule , User based, gets applied inside the user's Identity. In the firewall rules you have to apply "Identities" for it to work. https://ibb.co/YXz8qDv -rule-

Depending from where your DHCP runs from, you can use Clientless Users and assign static IP's to Identities. Either using Windows DHCP reservations or the built-in DHCP of the Cyberoam you can assign MAC's to IP's and IP's to Users. You can then either apply QoS per user or as Groups

https://ibb.co/wQ4m1qq -dhcp- https://ibb.co/T2Sn6Sd -clientless user- https://ibb.co/y8dDX5M -Cuser Qos-

Just bare in mind that Firewall Rules trump User rules and the bandwidth shaping might not take desired effect.

There is a great article on QoS on the SOPHOS community blog using Firewall based rules: https://community.sophos.com/kb/en-us/131243

Just note that to apply Firewall based Qos you cannot apply Identities, then yes, that rule shapes all traffic running trough it.

Try using reservations and assign Clientless users so they do not need to sign in. Create Firewall rules as needed or the existing ones and check the "Identities" check box.

jacojburger
  • 20
  • 1
  • 6
  • Thank you for your explaination, but I don't understand why they had to make it that complicated – dCSeven Feb 20 '19 at 15:55
  • I'll try to do it as you suggested, when I find the time to create at least 200 Users manually. One question regarding groups remains: Is the QoS policy then applied for the whole group or for the single users in this group (which would make more sense to me)? – dCSeven Feb 20 '19 at 15:56
  • _(and I would really like to upvote your answer, but I have not enough reputation for it)_ – dCSeven Feb 20 '19 at 15:57