On Fri, 15 Dec 2017, Kenneth Porter wrote:
The gateway is for a small business and I don't want shell and remote desktop sessions to come to a crawl because someone's uploading/downloading/mailing a big CAD file to a customer/vendor, or because several are watching Youtube videos.
Slowdown is probably going to happen since these days much file/bulk transfer and certainly all Google (YouTube) services use HTTPS and thus seem the same to any but the most intrusive inspection and dynamic shaping, i.e., SSL bump or peek'n'splice would be needed wherein at least the beginning of a session can be inspected so that the real purpose can be inferred and used to set the shaping on that single session -- though usually they decrypt everything which has many concerns. Static shaping of HTTP(S) can help but certainly can't assure that "interactive" sessions won't be impacted by "heavy" sessions. If only SSH and RDP need more priority than anything else that should be easily handled by static policy (firehol, wondershaper, etc) though it fails when RDP is used for bulk file transfer (you can check TOS/DSCP on SSH sessions to de-prioritize SCP/SFTP transfers, provided such hasn't been defeated by the sender).
/mark