Hi, I have a problem for which I couldn't find any solution on the web.
I currently have a multiple WAN / multiple LAN setup that works well with no traffic shaping (only firewall rules that redirect traffic according to ports). The fact is I just got a symmetrical 1000 Mbit/s WAN access, but I want to use only 60 Mbit/s on this connection (each up and down) and no more (let's call it WAN1). But the LAN users need around 100-150 Mbit/s for surfing the web. That's why I also have a few 15-20 Mbit/s WAN accesses (let's call them WAN2-WAN6), but their quality is worse (higher ping and less stable) than WAN1.
So what I need is to set up a (set of) rule(s), probably with Traffic Shaping, that handles all the http/https traffic and redirects it to the WAN1-WAN6 gateway group, but on the condition that under no circumstances the WAN1 bandwidth gets above 60 Mbit/s.
I have found out how to use the limiter to limit the up and down bandwidth of a firewall rule, but I don't want it applied to the whole http/https traffic, only to a single interface. So I've looked at Traffic Shaper By Interface, but I've only managed to limit the upload bandwidth and not the download one, and I can't find how to limit both up and down on an interface.
I'm quite lost right now, so I hope you can come up with a solution.
In addition, if the WAN1 gateway could be prioritized over WAN2-WAN6, that would be better, but it's not the most important point.
The settings are now different; I was just reporting what was in use at the time of the test.
For reference, I now have it using AES 128-GCM, as I consider AES 256 wasting resources, and SHA256 for the reason you said: SHA, when used with GCM, is only used for the control channel, so the impact of strengthening it won't be noticeable.
I am pretty sure AES hardware offloading is working in my case regardless of the settings, though.