ZyXEL Communications ZyWALL USG 200 Series User Manual page 555
Unified security gateway
Hide thumbs
Also See for ZyWALL USG 200 Series:
- User manual (902 pages) ,
- Manual (1157 pages) ,
- Reference manual (394 pages)
Table of Contents
Advertisement
numbers for SIP traffic. Likewise, configuring the SIP ALG to use custom port
numbers for SIP traffic also configures application patrol to use the same port
numbers for SIP traffic.
DiffServ and DSCP Marking
QoS is used to prioritize source-to-destination traffic flows. All packets in the same
flow are given the same priority. CoS (class of service) is a way of managing traffic
in a network by grouping similar types of traffic together and treating each type as
a class. You can use CoS to give different priorities to different packet types.
DiffServ (Differentiated Services) is a class of service (CoS) model that marks
packets so that they receive specific per-hop treatment at DiffServ-compliant
network devices along the route based on the application types and traffic flow.
Packets are marked with DiffServ Code Points (DSCPs) indicating the level of
service desired. This allows the intermediary DiffServ-compliant network devices
to handle the packets differently depending on the code points without the need to
negotiate paths or remember state information for every flow. In addition,
applications do not have to request a particular service or give advanced notice of
where the traffic is going.
Use application patrol to set a DSCP value for an application's traffic that the
ZyWALL sends out.
Bandwidth Management
When you allow an application, you can restrict the bandwidth it uses or even the
bandwidth that particular features in the application (like voice, video, or file
sharing) use. This restriction may be ineffective in certain cases, however, such as
using MSN to send files via P2P.
The application patrol bandwidth management is more flexible and powerful than
the bandwidth management in policy routes. Application patrol controls TCP and
UDP traffic. Use policy routes to manage other types of traffic (like ICMP).
Note: Bandwidth management in policy routes has priority over application patrol
bandwidth management. It is recommended to use application patrol instead of
policy routes to manage the bandwidth of TCP and UDP traffic.
Connection and Packet Directions
Application patrol looks at the connection direction, that is from which zone the
connection was initiated and to which zone the connection is going.
A connection has outbound and inbound packet flows. The ZyWALL controls the
bandwidth of traffic of each flow as it is going out through an interface or VPN
tunnel.
ZyWALL USG 100/200 Series User's Guide
Chapter 32 Application Patrol
555
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
