how to associate the diff-serv class with a qos policy

[sebastan_bach]

hi all i am having trouble here with diff-serv clss in qos.

in the dash board from the manager tab i added a qos diff-serv class named it voice. in the topology of the gateway object in the extneral interface i added the voice diff serv class and specified the bandwidth parameters.

now my main doubt that whether the floddgate is gonna mark the packets with the diff-serv markings i specified in the diff-serv class . or will it just match the diff-serv markings set by a downstream router and set the bandwidth on those packets.

cause till here i have not seen anywhere that the dif-serv markings i specified for example AF11 to the class name voice will be actually applied to which traffic.

and how to assciate this diff-serv class in qos policy.

cause in the rules tab of the dashboard to add the qos class above a rule or below a rule.

so this diff-serv markings will be applied to which traffic i am really confused out here .

can somebody pls help me out.

these things are so simple in cisco.

regards

sebastan

[Tan Da Boss]

Hi Sebastian,

I think you did half of the configuration.
You have already defined your Class of Service (Diffserv - EF for Voice I assume) and you have configured your interface for QOS.

Now, you have to define a QOS policy.

If you haven't added it yet to your configuration, you should click on
File>Add Policy to package and choose QOS then you will have a QOS tab.

Now you have to add this class to your QOS policy by clicking on
Rules>Add QOS Class

Then you have to create the rules for this class, it works like traditional security policy, just have to define source, destination and port. You also have to specify the QOS properties (weight, limit and/or guarantee)

You need to identify all the traffic you wanna mark by creating rules under the "Voice" class. Only the traffic matching the Voice class' rules will be marked!
Check Point doesn't forward DSCP flags (Diffserv marking) when using Check Point's QOS.

I think you should take a look to the QOS.pdf from Check Point for further details. Almost everything is explained.

Hope I bring you some clarifications regarding Diffserv on Check Point.

Cheers

Tan

[sebastan_bach]

hi tan thanks a lot for ur reply mate.
tan can u tell me something that do we have to create a separate qos policy package for the same. i mean on my smartdashboard i have the qos tab in which i have created some basic qos rules.

now in the dashboard in the rules tab when i click on add qos class it gives 2 options above or below . the in the qos rule page i can see both the best -effort and the voice class out there but it does not allow me to modify the source or destination in that rule.

similarly if i create a empty qos rule and try to add a qos class it again gives the same options above or below.

how can i solve this problem. can u pls help me out. i am just stuck in this part here.

waiting for ur reply mate.

regards

sebastan

[Tan Da Boss]

Hi Sebastian

I think you try to modify the default rule created by Check Point that's why you cannot modify the source or the destination.

Here is an example of QOS policy.



under ToIP, rules "QOS ToIP entrant" and "QOS ToIP sortant" belongs to the "ToIP" Class of service.
It is a diffserv class (EF Flag), so any traffic matching one of these rules, will be tagged with EF flag.
The rule "default" is the automatically created by Check Point, you cannot change the "Any" values of its. The last rule belongs to the "Best Effort" Class of Service.

You just have to add your "Voice" class of service once and create then the rules you need.

Hope that it can unstuck your situation.

Tomorrow I'll be at the office, so I'll have more time if you need.

Cheers

Tan

[sebastan_bach]

hi tan thanks a lot mate. mate let;s do it step by step.

first i need to set the interface properties of the external interface for qos.

then from manage tab of the dashboard i create a qos class and specify the diff-serv value right.

then from the rules page we need to add the qos class.

here i always even though i specify the specific class still the best effor class also gets added.

in the voice class i did add rule below and in the rule i specify the source and destination and service and specify their limits and guarantees.

am i getting it right tan.

thanks a million friend u have really got me working on this.

thanks once again.

best regards

sebastan