Thread: Can ToS flags (DSCP) be forwarded across Floodgate?
View Single Post
  #1 (permalink)  
Old 2008-02-04
drewishus drewishus is offline
Junior Member
  
Join Date: 2007-06-20
Posts: 4
Rep Power: 0
drewishus has an average reputation (10+)
Default Can ToS flags (DSCP) be forwarded across Floodgate?
Hi,
I'm not a pro with the QOS stuff, but I understand most of it. I've read the CP docs and scoured the forums and am really having trouble figuring this out:
If I have devices upstream and downstream of the firewall that are marking packets, can I simply allow the markings to persist through the firewall?
By default, it appears that the answer is 'no', but I'm hoping there is an easy way to preserve markings being sent across the firewall.

Currently:
[router-a]-->(dscp packet1)-->[FW]-->(no dscp)-->[router-b]
[router-a]<--(no dscp)<--[FW]<--(dscp packet2)<--[router-b]

Desired:
[router-a]-->(dscp packet1)-->[FW]-->(dscp packet1)-->[router-b]
[router-a]<--(dscp packet2)<--[FW]<--(dscp packet2)<--[router-b]

I know I could write a rule that identifies interesting traffic and rewrites the header for me, but then we've got a bit of a management nightmare for any policy changes to ToS. Does anyone have any ideas?
Thanks!

Andrew
Reply With Quote