02-21-2014 07:32 AM
Hi
Could you confirm whether the DSCP tagging is not flushed by the Palo Alto?
I need to use an Avaya VoIP solution, and a DSCP tag of 46 is added to the packet.
Thanks
02-21-2014 08:33 AM
Hello Sir,
Packet Marking/Rewriting :
The PAN-OS QoS module is application-centric, and packets are forwarded to a class/queue based on the application, user and type of traffic, but not based on IP precedence or DSCP bits. However, if an upstream device marks the DSCP bits, PAN-OS maintains those bits as is. PAN-OS provides the flexibility to mark the DSCP or IP precedence bits in the packet to facilitate classification in downstream nodes. This functionality is decoupled from the QoS module: whether or not QoS is configured, you can still configure the system to mark certain flows. This is configured in the options settings of the security policy rule.
Example:
Please follow the doc mentioned below for more detailed information.
Hope this helps.
Thanks
02-21-2014 09:14 AM
Hi,
If the tagging is happening before the traffic enters the firewall, the firewall should not change the marking on the packets and should pass it as it is. However, if you need to mark it on the firewall, that can be done as well.
The following taggings/markings are available in the Palo Alto firewalls.
What DSCP Markings are Available on the Palo Alto Networks Firewall?
Thank you
Numan
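
Added example (not part of any post in this thread, and not Palo Alto Networks code): a way to check from packet captures taken on each side of the firewall that DSCP 46 is passed through unchanged. It assumes the raw IP packets have already been extracted from the captures; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

EF = 46  # DSCP value asked about in the thread (Expedited Forwarding)

def dscp_of(packet: bytes) -> int:
    """Return the DSCP of a raw packet that starts at its IPv4/IPv6 header."""
    if not packet:
        raise ValueError("empty packet")
    version = packet[0] >> 4
    if version == 4 and len(packet) >= 20:
        tos = packet[1]  # DSCP (upper 6 bits) + ECN (lower 2 bits)
    elif version == 6 and len(packet) >= 40:
        # Traffic Class straddles the low nibble of byte 0 and high nibble of byte 1.
        tos = ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
    else:
        raise ValueError("not a complete IPv4/IPv6 header")
    return tos >> 2  # drop the ECN bits

def dscp_drift(ingress, egress):
    """Per-DSCP change in packet count between the two capture points.
    An empty dict means every marking survived the hop."""
    before = Counter(dscp_of(p) for p in ingress)
    after = Counter(dscp_of(p) for p in egress)
    return {d: after[d] - before[d]
            for d in sorted(set(before) | set(after)) if after[d] != before[d]}

# --- constructed sample packets (documentation addresses, UDP, no payload) ---
def ipv4(tos, ident):
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, ident, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

def ipv6(tclass):
    addr = bytes.fromhex("20010db8" + "00" * 12)
    return struct.pack("!IHBB16s16s", (6 << 28) | (tclass << 20), 0, 17, 64, addr, addr)

if __name__ == "__main__":
    inside = [ipv4(EF << 2, 1), ipv4(EF << 2, 2), ipv6(EF << 2)]
    preserved = list(inside)                                   # markings kept
    remarked = [ipv4(EF << 2, 1), ipv4(0x00, 2), ipv6(EF << 2)]  # one packet reset
    print(dscp_drift(inside, preserved))
    print(dscp_drift(inside, remarked))
```

A non-empty result means some device between the two capture points rewrote the marking; it does not by itself identify which device did so.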
05-28-2020 11:22 AM
For a remote user on GP SSL VPN with a softphone which is DSCP-marked on the computer at DSCP 46, can I just add this to the VPN security rule and have it maintain these DSCP markings for end-to-end QoS? It seems there are many methods of making this work, so I'm trying to find the one that fits us.