Today’s networks often consist of many kinds of network traffic that compete for bandwidth. All traffic, whether of prime importance or negligible importance, has an equal chance of reaching its destination in a timely manner. Quality of Service (QoS) marking gives critical traffic preferential treatment to make sure it is delivered quickly and reliably.
QoS functionality must be able to differentiate the various types of data streams that flow across your network. It must then mark data packets. QoS marking creates different classifications of service for different kinds of network traffic. When you mark traffic, you change up to six bits on packet header fields defined for this purpose. The XTM device and other QoS-capable devices can use this marking to provide appropriate handling of a packet as it travels from one point to another in a network.
Fireware XTM supports two types of QoS marking: IP Precedence marking (also known as Type of Service) and Differentiated Service Code Point (DSCP) marking.
You can enable QoS marking for an individual interface or an individual policy. When you define QoS marking for an interface, each packet that leaves the interface is marked. When you define QoS marking for a policy, all traffic that uses that policy is also marked. The QoS marking for a policy overrides any QoS marking set on an interface.
For example, suppose your XTM device receives QoS-marked traffic from a trusted network and sends it to an external network. The trusted network already has QoS marking applied, but you want the traffic to your executive team to be given higher priority than other network traffic from the trusted interface. First, set the QoS marking for the trusted interface to one value. Then, add a policy with QoS marking set for the traffic to your executive team with a higher value.
If you want to apply QoS to IPsec traffic, you must create a specific firewall policy for the corresponding IPsec policy and apply QoS marking to that policy.
You can also choose whether to preserve existing marking when a marked packed is encapsulated in an IPSec header.
To preserve marking:
To remove marking:
Enable QoS Marking and Prioritization in a Policy