Enable QoS Marking and Prioritization in a Policy

In addition to marking the traffic that leaves a Firebox interface, you can also mark traffic for a policy. The marking action you select is applied to all traffic that uses the policy. Multiple policies that use the same marking action do not affect each other. You can also specify unique QoS marking settings for Firebox interfaces. To use QoS marking or prioritization settings for a policy, you must override any per-interface QoS Marking settings.

To enable QoS marking and prioritization options, from Fireware Web UI:

  1. Select Firewall > Firewall Policies or Firewall > Mobile VPN IPSec Policies.
    The Policies page appears.
  2. In the Policy Name column, click the name of the policy to edit.
    The Edit page for the policy appears, with the Settings tab selected.
  3. Select the Advanced tab.
  4. To enable the other QoS and prioritization options, select the Override per-interface settings check box.
  5. Configure the settings as described in the next sections. The available settings depend on the policy type.
  6. Click Save.

To enable QoS marking and prioritization options, from Policy Manager:

  1. Double-click the icon for the policy that manages the traffic to mark.
    The Edit Policy Properties dialog box appears.
  2. Select the Advanced tab.
  3. Select the QoS tab.
  4. To enable the other QoS and prioritization options, select the Override per-interface settings check box.
  5. Configure the settings as described in the next sections. The available settings depend on the policy type.
  6. Click OK.
  7. Save the Configuration File.

QoS Marking Settings

The available QoS marking settings depend on the policy type. The H.323 and SIP ALGs have different QoS marking settings than other policies. All policies support the DSCP and IP Precedence marking types and these marking methods:

  • Preserve — Do not change the current value of the bit. The device prioritizes the traffic based on this value.
  • Assign — Assign the bit a new value.
  • Clear — Clear the bit value (set it to zero).

Configure QoS Marking for a Packet Filter or Proxy Policy

To configure QoS marking, from Fireware Web UI or Policy Manager:

  1. From the Marking Type drop-down list, select DSCP or IP Precedence.
  2. From the Marking Method drop-down list, select the marking method.

[Figure: QoS configuration in Fireware Web UI, showing the per-interface override settings]

[Figure: QoS configuration in Policy Manager, Edit Policy Properties dialog box with the QoS tab selected]

  3. If you selected Assign, from the Value drop-down list, select a marking value.
    If you selected the IP Precedence marking type, select a value from 0 (normal priority) through 7 (highest priority).
    If you selected the DSCP marking type, the values are 0–56.
  4. From the Prioritize Traffic Based On drop-down list, select QoS Marking.
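
To check a marking policy against a packet capture, it helps to see what the marking types and methods above mean at the byte level. The following is an added example, not WatchGuard code: it applies Preserve, Assign and Clear to the IPv4 ToS/DS byte, using the standard field layout (IP Precedence in the top three bits, DSCP in the top six, ECN in the low two), and recomputes the header checksum. The function names, the sample header and the choice to leave bits outside the selected marking type untouched are assumptions made for illustration.

```python
import struct

# Bits of the IPv4 ToS/DS byte (header byte 1) owned by each marking type.
MASK = {"dscp": 0xFC, "precedence": 0xE0}
SHIFT = {"dscp": 2, "precedence": 5}
MAX_VALUE = {"dscp": 56, "precedence": 7}  # value ranges stated on this page

def mark_tos(tos, marking_type, method, value=0):
    """Apply Preserve, Assign or Clear to one ToS/DS byte and return the result."""
    mask, shift = MASK[marking_type], SHIFT[marking_type]
    if method == "preserve":
        return tos
    if method == "clear":
        return tos & ~mask & 0xFF
    if method == "assign":
        if not 0 <= value <= MAX_VALUE[marking_type]:
            raise ValueError(f"{marking_type} value out of range: {value}")
        # Assumption: bits outside the selected marking type (such as ECN) are kept.
        return (tos & ~mask & 0xFF) | (value << shift)
    raise ValueError(f"unknown marking method: {method}")

def fields(tos):
    """Decode a ToS/DS byte into (dscp, ip_precedence, ecn)."""
    return tos >> 2, tos >> 5, tos & 0x03

def ipv4_checksum(header):
    """Ones' complement header sum; returns 0 when the stored checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def remark_packet(packet, marking_type, method, value=0):
    """Rewrite the marking in an IPv4 header and recompute the header checksum."""
    pkt = bytearray(packet)
    if pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    pkt[1] = mark_tos(pkt[1], marking_type, method, value)
    pkt[10:12] = b"\x00\x00"
    pkt[10:12] = struct.pack("!H", ipv4_checksum(bytes(pkt[:ihl])))
    return bytes(pkt)

# Constructed sample: 20-byte IPv4/TCP header, 192.0.2.10 -> 198.51.100.7, ToS 0x00.
SAMPLE = remark_packet(
    bytes.fromhex("450000280001400040060000c000020ac6336407"), "dscp", "preserve")

if __name__ == "__main__":
    marked = remark_packet(SAMPLE, "dscp", "assign", 46)
    print(hex(marked[1]), fields(marked[1]), ipv4_checksum(marked[:20]))
```

A DSCP value that is a multiple of 8 carries the same top three bits as the matching IP Precedence level, which is why a capture filter on either field can see the same packet.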

Configure QoS Marking for an H.323-ALG or SIP-ALG

For an ALG, you can assign different marking values to audio, video, and data traffic.

To assign marking values, from Fireware Web UI or Policy Manager:

  1. From the Marking Type drop-down list, select DSCP or IP Precedence.
  2. From the Marking Method drop-down list, select the marking method.

[Figure: QoS settings for an application layer gateway in Fireware Web UI]

[Figure: QoS settings for an application layer gateway in Policy Manager]

  3. If you selected Assign, from the Audio Value, Video Value, and Data Value drop-down lists, select marking values to assign for audio, video, and data traffic.
    If you selected the IP Precedence marking type, select values from 0 (normal priority) through 7 (highest priority).
    If you selected the DSCP marking type, the values are 0–56.

Set a Custom Priority Value

Many different algorithms can be used to prioritize network traffic. Fireware OS uses the strict priority queuing method to prioritize traffic through your Firebox. Prioritization is applied by policy and is equivalent to CoS (class of service) levels 0–7, where 0 is normal priority (default) and 7 is the highest priority. Level 5 is commonly used for streaming data such as VoIP or video conferencing. Reserve levels 6 and 7 for policies that allow system administration connections, so that these connections are always available and avoid interference from other high-priority network traffic.

You cannot configure prioritization in H.323-ALG and SIP-ALG policies.

For reference as you configure the priority settings, the table in the Priority Levels section includes the available priority levels and a description of each level.

  1. From the Prioritize Traffic Based On drop-down list, select Custom Value.
  2. From the Value drop-down list, select a priority level.

Priority Levels

We recommend that you assign a priority higher than 5 only to network administration policies, such as the WatchGuard policy or the WG-Mgmt-Server policy. Assign high-priority business traffic a priority of 5 or lower.

Priority  Description
0         Routine (HTTP, FTP)
1         Priority
2         Immediate (DNS)
3         Flash (Telnet, SSH, RDP)
4         Flash Override
5         Critical (VoIP)
6         Internetwork Control (Remote router configuration)
7         Network Control (Firewall, router, switch management)
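
The recommendation to keep levels 6 and 7 for administration policies follows from how strict priority queuing behaves under load. The following is an added example, not Fireware's implementation: a generic strict priority scheduler that sends one packet per tick, run over a constructed load in which level 5 traffic briefly exceeds the link rate. The flow names, tick model and arrival pattern are assumptions made for illustration.

```python
from collections import deque

def run_strict_priority(arrivals, ticks):
    """Serve one packet per tick, always from the highest non-empty level (0-7).

    arrivals: list of (tick, flow_name, level).
    Returns {flow_name: [queueing delay of each packet sent]}.
    """
    pending = sorted(arrivals, key=lambda a: a[0])  # stable: keeps same-tick order
    queues = [deque() for _ in range(8)]
    delays, i = {}, 0
    for now in range(ticks):
        while i < len(pending) and pending[i][0] == now:
            _, name, level = pending[i]
            queues[level].append((name, now))
            i += 1
        for level in range(7, -1, -1):  # level 7 is always checked first
            if queues[level]:
                name, arrived = queues[level].popleft()
                delays.setdefault(name, []).append(now - arrived)
                break
    return delays

def scenario(mgmt_level, ticks=40):
    """Constructed load: VoIP at level 5 offers twice the link rate for 10 ticks,
    web traffic sits at level 0, and one management packet arrives at tick 5.
    Returns (delay of the management packet, delay of the first web packet)."""
    arrivals = [(t, "voip", 5) for t in range(10) for _ in range(2)]
    arrivals += [(t, "web", 0) for t in range(10)]
    arrivals.append((5, "mgmt", mgmt_level))
    delays = run_strict_priority(arrivals, ticks)
    first = lambda flow: delays[flow][0] if flow in delays else None  # None: never sent
    return first("mgmt"), first("web")

if __name__ == "__main__":
    for level in (7, 5, 3):
        mgmt, web = scenario(level)
        print(f"mgmt at level {level}: mgmt waits {mgmt} ticks, first web packet waits {web}")
```

In this model the management packet is sent immediately at level 7, waits 7 ticks when it shares level 5 with the VoIP backlog, and waits 15 ticks at level 3 because nothing below level 5 is served until that queue drains.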

Examples

To see examples of how you can apply QoS to policies, go to Traffic Management and QoS Examples.
