Enable QoS Marking or Prioritization Settings for a Policy

In addition to marking the traffic that leaves a XTM device interface, you can also mark traffic on a per-policy basis. The marking action you select is applied to all traffic that uses the policy. Multiple policies that use the same marking actions have no effect on each other. XTM device interfaces can also have their own QoS Marking settings. To use QoS Marking or prioritization settings for a policy, you must override any per-interface QoS Marking settings.

  1. Select Firewall > Firewall Policies or Firewall > Mobile VPN Policies.
    The Policies page appears.
  2. Select the policy you want to change. Click .
  3. Select the Advanced tab.
  4. To enable the other QoS and prioritization options, select the Override per-interface settings check box.
  5. Complete the settings as described in the subsequent sections.
  6. Click Save.

Policy configuration showing QoS per-interface override settings

QoS Marking Settings

For more information on QoS marking values, see Marking Types and Values.

  1. From the Marking Type drop-down list, select either DSCP or IP Precedence.
  2. From the Marking Method drop-down list, select the marking method:
  1. If you selected Assign in the previous step, select a marking value.

    If you selected the IP precedence marking type you can select values from 0 (normal priority) through 7 (highest priority).

    If you selected the DSCP marking type, the values are 0–56.
  2. From the Prioritize Traffic Based On drop-down list, select QoS Marking.

Prioritization Settings

Many different algorithms can be used to prioritize network traffic. Fireware XTM uses a high performance, class-based queuing method based on the Hierarchical Token Bucket algorithm. Prioritization in Fireware XTM is applied per policy and is equivalent to CoS (class of service) levels 0–7, where 0 is normal priority (default) and 7 is the highest priority. Level 5 is commonly used for streaming data such as VoIP or video conferencing. Reserve levels 6 and 7 for policies that allow system administration connections to make sure they are always available and avoid interference from other high priority network traffic. Use the Priority Levels table as a guideline when you assign priorities.

  1. From the Prioritize Traffic Based On drop-down list, select Custom Value.
  2. From the Value drop-down list, select a priority level.

Priority Levels

We recommend that you assign a priority higher than 5 only to WatchGuard administrative policies, such as the WatchGuard policy, the WG-Logging policy, or the WG-Mgmt-Server policy. Give high priority business traffic a priority of 5 or lower.

Priority Description
0 Routine (HTTP, FTP)
1 Priority
2 Immediate (DNS)
3 Flash (Telnet, SSH, RDP)
4 Flash Override
5 Critical (VoIP)
6 Internetwork Control (Remote router configuration)
7 Network Control (Firewall, router, switch management)

See Also

About QoS Marking

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base

© 2011 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Firebox, Core, and Fireware are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.