Table of Contents
Advertisement
When a packet arrives on an interface, it will first be treated by a filter rule, then the intrusion
prevention engine will assign the packet to the right queue according to the configuration of the
filter rule's QoS field.
There are three types of queues on the firewall: Two of them are directly associated with QoS
algorithms: PRIQ (Priority Queuing) and CBQ (Class-Based Queuing). The third enables traffic
monitoring.
Class-based queue (CBQ)
A scheduling class can be chosen for each filter rule and a bandwidth guarantee or restriction
can be assigned to it.
For example: you can associate a scheduling class with HTTP traffic by associating a CBQ to the
corresponding filter rule.
Class-based queuing determines the way in which traffic assigned to QoS rules will be managed
on the network. Bandwidth reservation mechanisms for this queue type guarantee a minimum
service while bandwidth restriction mechanisms enable the preservation of bandwidth when
dealing with applications that consume a large amount of resources.
Adding a class-based queue
To add a class-based queue, click on the button Add a queue, then select Class-based queue
(CBQ). A line will be added to the table in which you will be able to make your changes.
Modifying a class-based queue
Name
Type
Priority
Bp min
Bp max
Page 290/448
Name of the queue to be configured.
Type of queue (from monitoring (MONQ), priority (PRIQ), reservation/limitation (CBQ)).
Defines the priority level of the traffic assigned to the queue. The cells in this column
can only be edited for PRIQs. It is possible to select a value from 1 (highest priority) to
7 (lowest priority).
Acting as a service guarantee, this option allows guaranteeing a given throughput and
a maximum transfer time. Configured in Kbits/s or as a percentage of the reference
value, this value is shared between all traffic assigned to this QoS rule. As such, if HTTP
and FTP traffic is associated with a queue with a guaranteed minimum of 10Kbits/s,
the HTTP+FTP bandwidth will be at a minimum of 10Kbits/s. However, there is no
restriction on the HTTP bandwidth being 9Kbits/s and the FTP bandwidth being only
1Kbits/s.
REMARK
This option is synchronized by default with the option Min inv. By modifying the
value of this option, this value will be replicated in Min inv. By modifying the
value of Min inv, the values will be different and therefore desynchronized.
Acting as a restriction, this option prohibits bandwidth for the traffic assigned to these
queues from being exceeded. Configured in Kbits/s, Mbits/s, Gbit/s or as a percentage
of the reference value, this value is shared between all traffic assigned to this QoS
rule. As such, if HTTP and FTP traffic is associated with a queue with an authorized
maximum of 500Kbits/s the HTTP+FTP bandwidth must not exceed 500Kbits/s.
REMARK
This option is synchronized by default with the option Min inv. By modifying the
value of this option, this value will be replicated in Min inv. By modifying the
value of Min inv, the values will be different and therefore desynchronized.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
QUALITY OF SERVICE (QOS)
- Quick Links:
- Administrator Management
Hide quick links:
Advertisement
Table of Contents
