The Lazy Networker

How to set a bandwidth restriction per individual user on Sophos Firewall (SFOS v19.5 or v20.x)

Written by

renjithbs

in

βœ… Goal:

Limit each user to:

  • Download: 2 Mbps
  • Upload: 512 Kbps

(You can change numbers as needed.)

πŸ›  Step-by-step

Step 1: Create Traffic Shaping Policy

  1. Log in to Sophos Firewall web admin (https://<firewall-ip>:4444)
  2. Go to:
    Protect > Traffic Shaping
  3. Click Add
  4. Fill like this:
    | Field | Example |
    |——|———|
    | Name | Limit_2Mbps_per_user |
    | Policy Association | User |
    | Rule type | Individual |
    | Priority | 5 (lower is higher priority) |
    | Bandwidth usage type | Limit |
    | Guaranteed bandwidth | (leave empty) |
    | Maximum bandwidth (download) | 2048 Kbps |
    | Maximum bandwidth (upload) | 512 Kbps |

βœ… Save

Step 2: Apply to individual users

  1. Go to:
    Authentication > Users
  2. Click on the user you want to limit
  3. Under Traffic shaping policy, choose:
    Limit_2Mbps_per_user
  4. Save

Repeat for each user you want to limit.

Step 3: Confirm the firewall rule matches

Bandwidth limit only applies to traffic that matches a firewall rule.

  1. Go to:
    Rules and Policies > Firewall Rules
  2. Confirm you have a rule like:
  • Source zone: LAN
  • Destination zone: WAN
  • User/Network: Any or specific users
  1. If you already have a firewall rule for internet access, you don’t need to change it.
  2. If you want to create a dedicated rule:
  • Click Add Firewall Rule > New User/Network Rule
  • Source zone: LAN
  • Destination zone: WAN
  • Source network: users you want to limit
  • Apply as needed

Step 4: Test & Monitor

Go to:
Monitor & Analyze > Current Activities > Live Users

Watch the bandwidth column to see usage stays around your limit.

You can also see under:

  • Monitor & Analyze > Current Activities > Live Connections

πŸ“ Sample Traffic Shaping Policy Screenshot (for reference)

NameLimit_2Mbps_per_user
Policy associationUser
Rule typeIndividual
Priority5
Guaranteed download(leave empty)
Guaranteed upload(leave empty)
Max download2048 Kbps
Max upload512 Kbps

βœ… Summary

  • Create a User-based, Individual traffic shaping policy
  • Apply it to each user under Authentication > Users
  • Make sure there’s a firewall rule that matches those users’ traffic

Comments

Leave a comment

More posts