This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Olu_Fagbohun
Explorer
‎2018-01-26 05:31 AM

Cisco mls qos trust dscp traffic through Checkpoint R77.30 Gaia firewalls

Hello ALL,

Does Checkpoint Gaia R77.30 appliances running only Firewall and ClusterXL modules (NO QOS) allow Cisco mls qos trust dscp traffic to traverse through the firewall when two Cisco Routers are connecting through the firewall using QOS?

The Router A (Source) is trying to apply a QOS profile to traffic going through the firewall to Router B on the other side of the firewall but the QOS profile is not being seen on Router B.

 Router A is using static routes towards the firewall while the Firewall and Router B are running ospf.

So will the firewall drop such traffic,  or just past it on by default proving normal traffic rules are in place on the firewall?  

Plus how can I check if any such drops for Cisco mls qos trust dscp on the firewall?

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2018-01-26 09:49 PM

I assume all the Cisco is doing in this case is tagging the relevant packets with DSCP tags.

Generally speaking, we should leave those tags alone. 

That said, there were some situations in the past where we would strip the DSCP tags.

What I would do to troubleshoot this is to review the relevant traffic as it traverses the gateway, reviewing the DSCP tags as they are received by the gateway and pass through it.

If the Cisco is doing something else to establish a QoS profile, that traffic would have to be allowed separately through the Security Gateway.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events