https://community.checkpoint.com/t5/General-Topics/Cisco-mls-qos-trust-dscp-traffic-through-Checkpoint-R77-30-Gaia/m-p/25384#M5134 <HTML><HEAD></HEAD><BODY><P style="margin: 0cm 0cm 0pt;">Hello ALL,</P><P style="margin: 0cm 0cm 0pt;">Does Checkpoint Gaia R77.30 appliances running only Firewall and ClusterXL modules (NO QOS) allow Cisco mls qos trust dscp traffic to traverse through the firewall when two Cisco Routers are connecting through the firewall using QOS?</P><P style="margin: 0cm 0cm 0pt;">The Router A (Source) is trying to apply a QOS profile to traffic going through the firewall to Router B on the other side of the firewall but the QOS profile is not being seen on Router B.</P><P style="margin: 0cm 0cm 0pt;">&nbsp;Router A is using static routes towards the firewall while the Firewall and Router B are running ospf.</P><P style="margin: 0cm 0cm 0pt;">So will the firewall drop such traffic, &nbsp;or just past it on by default proving normal traffic rules are in place on the firewall? &nbsp;</P><P style="margin: 0cm 0cm 0pt;">Plus how can I check if any such drops for Cisco mls qos trust dscp on the firewall?</P></BODY></HTML> Fri, 26 Jan 2018 13:31:00 GMT Olu_Fagbohun 2018-01-26T13:31:00Z https://community.checkpoint.com/t5/General-Topics/Cisco-mls-qos-trust-dscp-traffic-through-Checkpoint-R77-30-Gaia/m-p/25384#M5134 <HTML><HEAD></HEAD><BODY><P style="margin: 0cm 0cm 0pt;">Hello ALL,</P><P style="margin: 0cm 0cm 0pt;">Does Checkpoint Gaia R77.30 appliances running only Firewall and ClusterXL modules (NO QOS) allow Cisco mls qos trust dscp traffic to traverse through the firewall when two Cisco Routers are connecting through the firewall using QOS?</P><P style="margin: 0cm 0cm 0pt;">The Router A (Source) is trying to apply a QOS profile to traffic going through the firewall to Router B on the other side of the firewall but the QOS profile is not being seen on Router B.</P><P style="margin: 0cm 0cm 0pt;">&nbsp;Router A is using static routes towards the firewall while the Firewall and Router B are running ospf.</P><P style="margin: 0cm 0cm 0pt;">So will the firewall drop such traffic, &nbsp;or just past it on by default proving normal traffic rules are in place on the firewall? &nbsp;</P><P style="margin: 0cm 0cm 0pt;">Plus how can I check if any such drops for Cisco mls qos trust dscp on the firewall?</P></BODY></HTML> Fri, 26 Jan 2018 13:31:00 GMT https://community.checkpoint.com/t5/General-Topics/Cisco-mls-qos-trust-dscp-traffic-through-Checkpoint-R77-30-Gaia/m-p/25384#M5134 Olu_Fagbohun 2018-01-26T13:31:00Z https://community.checkpoint.com/t5/General-Topics/Cisco-mls-qos-trust-dscp-traffic-through-Checkpoint-R77-30-Gaia/m-p/25385#M5135 <HTML><HEAD></HEAD><BODY><P>I assume all the Cisco is doing in this case is tagging the relevant packets with DSCP tags.</P><P>Generally speaking, we should leave those tags alone.&nbsp;</P><P>That said, there were some situations in the past where we would strip the DSCP tags.</P><P>What I would do to troubleshoot this is to review the relevant traffic as it traverses the gateway, reviewing the DSCP tags as they are received by the gateway and pass through it.</P><P></P><P>If the Cisco is doing something else to establish a QoS profile, that traffic would have to be allowed separately through the Security Gateway.</P></BODY></HTML> Sat, 27 Jan 2018 05:49:12 GMT https://community.checkpoint.com/t5/General-Topics/Cisco-mls-qos-trust-dscp-traffic-through-Checkpoint-R77-30-Gaia/m-p/25385#M5135 PhoneBoy 2018-01-27T05:49:12Z