Re: Cisco mls qos trust dscp traffic through Check...

Olu_Fagbohun · ‎2018-01-26

Hello ALL,

Does Checkpoint Gaia R77.30 appliances running only Firewall and ClusterXL modules (NO QOS) allow Cisco mls qos trust dscp traffic to traverse through the firewall when two Cisco Routers are connecting through the firewall using QOS?

The Router A (Source) is trying to apply a QOS profile to traffic going through the firewall to Router B on the other side of the firewall but the QOS profile is not being seen on Router B.

Router A is using static routes towards the firewall while the Firewall and Router B are running ospf.

So will the firewall drop such traffic, or just past it on by default proving normal traffic rules are in place on the firewall?

Plus how can I check if any such drops for Cisco mls qos trust dscp on the firewall?

PhoneBoy · ‎2018-01-26

I assume all the Cisco is doing in this case is tagging the relevant packets with DSCP tags.

Generally speaking, we should leave those tags alone.

That said, there were some situations in the past where we would strip the DSCP tags.

What I would do to troubleshoot this is to review the relevant traffic as it traverses the gateway, reviewing the DSCP tags as they are received by the gateway and pass through it.

If the Cisco is doing something else to establish a QoS profile, that traffic would have to be allowed separately through the Security Gateway.

Are you a member of CheckMates?

Cisco mls qos trust dscp traffic through Checkpoint R77.30 Gaia firewalls