The Lazy Networker

Tag: veritas

  • How to set a bandwidth restriction per individual user on Sophos Firewall (SFOS v19.5 or v20.x)

    Goal:

    Limit each user to:

    • Download: 2 Mbps
    • Upload: 512 Kbps

    (You can change numbers as needed.)

    🛠 Step-by-step

    Step 1: Create Traffic Shaping Policy

    1. Log in to Sophos Firewall web admin (https://<firewall-ip>:4444)
    2. Go to:
      Protect > Traffic Shaping
    3. Click Add
    4. Fill like this:
      | Field | Example |
      |——|———|
      | Name | Limit_2Mbps_per_user |
      | Policy Association | User |
      | Rule type | Individual |
      | Priority | 5 (lower is higher priority) |
      | Bandwidth usage type | Limit |
      | Guaranteed bandwidth | (leave empty) |
      | Maximum bandwidth (download) | 2048 Kbps |
      | Maximum bandwidth (upload) | 512 Kbps |

    Save

    Step 2: Apply to individual users

    1. Go to:
      Authentication > Users
    2. Click on the user you want to limit
    3. Under Traffic shaping policy, choose:
      Limit_2Mbps_per_user
    4. Save

    Repeat for each user you want to limit.

    Step 3: Confirm the firewall rule matches

    Bandwidth limit only applies to traffic that matches a firewall rule.

    1. Go to:
      Rules and Policies > Firewall Rules
    2. Confirm you have a rule like:
    • Source zone: LAN
    • Destination zone: WAN
    • User/Network: Any or specific users
    1. If you already have a firewall rule for internet access, you don’t need to change it.
    2. If you want to create a dedicated rule:
    • Click Add Firewall Rule > New User/Network Rule
    • Source zone: LAN
    • Destination zone: WAN
    • Source network: users you want to limit
    • Apply as needed

    Step 4: Test & Monitor

    Go to:
    Monitor & Analyze > Current Activities > Live Users

    Watch the bandwidth column to see usage stays around your limit.

    You can also see under:

    • Monitor & Analyze > Current Activities > Live Connections

    📝 Sample Traffic Shaping Policy Screenshot (for reference)

    NameLimit_2Mbps_per_user
    Policy associationUser
    Rule typeIndividual
    Priority5
    Guaranteed download(leave empty)
    Guaranteed upload(leave empty)
    Max download2048 Kbps
    Max upload512 Kbps

    Summary

    • Create a User-based, Individual traffic shaping policy
    • Apply it to each user under Authentication > Users
    • Make sure there’s a firewall rule that matches those users’ traffic