Outbound Policy Rules Not Working as Expected 5.4.9


#1

Balance 30: I have 2 outbound rules for torrent traffic, any:any on TCP/UDP port 51413, Weighted Balance 2:0:1. The rule doesn’t seem to be hitting, because I’m getting traffic on the 2nd port, which corresponds to my default rule at the end, Weighted Balance 5:2:0. These are the only two Weighted Balance rules; the others are enforced or priority.

There is very little traffic on the 3rd wan port 200:120:20 which isn’t what I expect. I also have QOS on the IP / Protocol Number. I assume this is the last digit in the IP address. The computer doing the torrents isn’t included. I did have a low priority QOS rule for 51413 but took it out to troubleshoot and it didn’t make a difference.

Any help is greatly appreciated.


#2

Torrent clients will use many different ports, not just 51413. QoS is based on application, and custom QoS is based on port or port range.


#3

Thanks Tim,

Does the rule match on the source or destination port? 99% of the traffic is on the source port 51413 and that is what I have in my client.


For QOS, the option IP and Protocol Number: if I put 15, does that mean 192.168.99.15?



#4

The rule will match however you set it up. In your case, I would assume you are using source ANY, destination ANY, protocol UDP, single port 51413, and then you choose your algorithm according to what you are trying to do.

For QoS, you cannot use an IP address. The scope/protocol can be DSCP (a value), TCP or UDP (port or port range), or IP (a protocol number). The IP here does not mean IP address, it means protocol number:

In your case, I would assume you are using UDP with single port 51413 and then either giving it a low or high priority depending on what you are trying to do.


#5

Correct, for the screenshot I had any any UDP single port 51413 Weighted 2:0:1 (Cable, DSL, WIFI), so no traffic should be on the DSL port. It wasn’t hitting that rule; it was hitting my any any default rule at the end. I also tried 192.168.99.10 any port 51413 and had the same behavior. I just changed it to any any UDP ports 12000-65000 and it is working; no traffic is on the DSL port. It doesn’t matter if the odd non-torrent app hits that rule. My important traffic is on 443 and SIP ports. I was hoping to have a QOS rule to give SSL-VPN priority or SSL on 1 machine, but the rules don’t have that flexibility. I was able to get rules in for my SIP.

Thanks for your help!

Nick