nflnetwork29
Collaborator

Check Point QoS on site-to-site VPN traffic

Hi there, is there any way to prioritize the site-to-site VPN traffic on a Check Point VPN network? We are doing full mesh VPN for the inter-site voice calls primarily, but I would say it's more of a hub/spoke topology for the data network, where all branch sites connect back to the hub site over VPN for data traffic.

Is there any way using QoS to guarantee that these VPN tunnels have a certain amount of bandwidth at all times?

0 Kudos
4 Replies
PhoneBoy
Admin

You can do QoS on the traffic inside a VPN tunnel (assuming it's a domain-based VPN, route-based VPNs are not supported per sk36157), but I don't believe you can do QoS on the VPN tunnel itself.
In any case, QoS doesn't make much sense over the public Internet since there is zero guarantee anything there will honor the DSCP tags. 

Timothy_Hall
Champion

Actually it is possible to differentiate traffic traversing a VPN tunnel in your QoS policy via a checkbox in the Action of a QoS rule like this, which applies this sample rule only to encrypting/decrypting traffic:

QoS_VPN.png

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
nflnetwork29
Collaborator

I tried to create a similar policy, but I receive the following error when I try to install policy on the gateway.

Error - QoS Policy does not apply to any network interface.

Can anyone tell me what I missed?

0 Kudos
G_W_Albrecht
Legend

I would suggest following the QoS Tutorial starting at QoS R80.40 Administration Guide p.32! Network interfaces are the enforcement points for QoS, so QoS has to be enabled on one interface for QoS to be able to work on it...

0 Kudos