BWM for traffic from VPN to WAN
Christian78
Posts: 8 Freshman Member
in Security
Hi!
Besides a few BWM rules that I already have in place in our ATP500 and VPN310, I would like to add a rule for all users connecting via VPN. I would like to restrict their bandwidth FROM the entire VPN zone TO the WAN interface. Therefore I've set up this rule:
Unfortunately, it doesn't work. The users who connect to the network via VPN have the full WAN bandwidth available, regardless of which Priority I choose in the section "Bandwidth Shaping". I somehow have the feeling that I messed up the Incoming Interface and the Outgoing Interface, but I can't figure out what I've done wrong.
What I need is a simple rule to limit the bandwidth from any VPN user to any outgoing WAN connection.
What did I do wrong? Any help is appreciated!
Chris
All Replies
-
Christian78 said:
Unfortunately, it doesn't work. The users who connect to the network via VPN have the full WAN bandwidth available, regardless which Priority I choose in the section "Bandwidth Shaping".

Hello @Christian78
Changing priority won't affect the bandwidth. The device gives bandwidth to higher-priority traffic first, until it reaches its configured bandwidth rate, so if there is no other traffic with higher priority, the lower-priority traffic can get the full bandwidth.
I suggest changing the outgoing/incoming interface and Source/Destination settings.
Outgoing: any
Incoming: any
Source: RemoteAccess_L2TP_Wiz_CLIENT 192.168.50.1/24 (L2TP client subnet)
Destination: any
Guaranteed Bandwidth: Inbound/Outbound: 500 kbps
so that the L2TP client will match the Criteria while accessing the internet, then the traffic will be limited.
James
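The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified strict-priority model, not Zyxel firmware logic, showing that priority only orders who is served first while a configured rate is what actually caps a class. The link capacity, class names and demands are constructed, and the `rate_kbps` field name is an assumption.

```python
# Simplified model (assumption): strict-priority allocation with an optional
# per-class configured rate. This is not the device's real scheduler.

LINK_KBPS = 100_000  # constructed WAN capacity


def allocate(link_kbps, classes):
    """Serve classes in priority order (1 = highest).

    Each class is a dict with name, priority, demand_kbps and rate_kbps
    (None means no configured rate). Returns {name: granted_kbps}.
    """
    remaining = link_kbps
    granted = {}
    for cls in sorted(classes, key=lambda c: c["priority"]):
        want = cls["demand_kbps"]
        if cls["rate_kbps"] is not None:
            want = min(want, cls["rate_kbps"])  # the rate is the only real cap
        share = min(want, remaining)            # never hand out more than is left
        granted[cls["name"]] = share
        remaining -= share
    return granted


def vpn_share(priority, rate_kbps, office_demand_kbps=0):
    """Bandwidth the VPN class receives when it tries to fill the whole link."""
    classes = [{"name": "vpn", "priority": priority,
                "demand_kbps": LINK_KBPS, "rate_kbps": rate_kbps}]
    if office_demand_kbps:
        # Constructed competing class with the highest priority and no rate.
        classes.append({"name": "office", "priority": 1,
                        "demand_kbps": office_demand_kbps, "rate_kbps": None})
    return allocate(LINK_KBPS, classes)["vpn"]


if __name__ == "__main__":
    print("low priority, no rate, idle link:", vpn_share(7, None))
    print("higher priority, no rate, idle link:", vpn_share(2, None))
    print("low priority, no rate, busy link:", vpn_share(7, None, 60_000))
    print("low priority, 500 kbps rate, idle link:", vpn_share(7, 500))
```
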
-
Hello @Zyxel_James
Thank you very much! I will try this. But isn't it the case that with the config you suggested, the traffic to the local networks is limited then, too?
But I will play around a bit with it. Maybe the combination of defining the Source as L2TP subnet clients with a Destination will do the trick.
Thanks once again for your help!
Christian
-
Yes, based on my suggestion, the traffic from RemoteAccess_L2TP_Wiz_CLIENT to Any will be limited, which includes traffic to the local network. You may adjust the Destination according to your needs.
-
Hi James,
Unfortunately, your first suggestion did not work either. There is no change in the behavior at all.
Christian
-
Hi Christian78
May I know how you tested it? Also, please provide the topology of your network.
You may also contact me via private message for further investigation, thanks.