HI Barry,
Check Point DOES label packets. I defined a QoS Class and associated the service FTP into the rule unter that QoS Class. Then, I did an
fw monitor -e "accept sport=21 or dport=21;" -o ~/ftp.out.
I took the output file to analyse it with Ethereal.
YOu just take one of the ftp packets and in the IP header, as you might know, at Byte No. 1 (Byte 0: Version + IHL; Byte 1: Type of Service), you can see the DiffServCodePoint (DSCP) which corresponds exactly with the DSCP you defined by the QoS Class!
This does work definitely! I am a Check POint Instructor (just like Barry) and am teaching that portion in every of my courses. So, I know that it works!!!
At that moment, I suffer from lacking time. So, perhaps at Saturday or Sunday I will try to make some screen shots on this. Perhaps, Check Point could take the Lab and insert it into the next Courseware (v. 1.2)? This will definitely be a great opportunity to learn a lot!
Kind regards,
Yasushi Kono (my private email address is:
ykono@t-online.de)