SonicWALL 5.8.1 Microscope & Magnifier User Manual


Firewall Settings > QoS Mapping
753
SonicOS 5.8.1 Administrator Guide
Conditioning
The traffic can be conditioned (or managed) using any of the many policing, queuing, and
shaping methods available. SonicOS provides internal conditioning capabilities with its Egress
and Ingress Bandwidth Management (BWM), detailed in the “Bandwidth Management” section
on page 765. SonicOS’s BWM is a perfectly effective solution for fully autonomous private
networks with sufficient bandwidth, but can become somewhat less effective as more unknown
external network elements and bandwidth contention are introduced. Refer to the Example
Scenario in the “Example Scenario” section on page 756 for a description of contention issues.
Site to Site VPN over QoS Capable Networks
If the network path between the two end points is QoS aware, SonicOS can DSCP tag the inner
encapsulated packet so that it is interpreted correctly at the other side of the tunnel, and it can
also DSCP tag the outer ESP encapsulated packet so that its class can be interpreted and
honored by each hop along the transit network. SonicOS can map 802.1p tags created on the
internal networks to DSCP tags so that they can safely traverse the transit network. Then, when
the packets are received on the other side, the receiving SonicWALL appliance can translate
the DSCP tags back to 802.1p tags for interpretation and honoring by that internal network.
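The round trip described above, sketched in Python as an added example (not SonicOS code and not taken from the guide). It assumes the class-selector mapping DSCP = 802.1p × 8 in both directions; the addresses, lengths, and function names are constructed for illustration.

```python
import ipaddress
import struct

def pcp_to_dscp(pcp):
    # Assumed map: class-selector code points, DSCP = 802.1p priority * 8.
    if not 0 <= pcp <= 7:
        raise ValueError("802.1p priority must be 0-7")
    return pcp << 3

def dscp_to_pcp(dscp):
    # Reverse map: each block of eight DSCP values collapses onto one 802.1p value.
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0-63")
    return dscp >> 3

def ipv4_checksum(header):
    # One's-complement sum of 16-bit words; returns 0 when run over a valid header.
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def get_dscp(header):
    return header[1] >> 2  # upper six bits of the DS (former ToS) byte

def set_dscp(header, dscp):
    # Rewrite DSCP, keep the two ECN bits, then recompute the header checksum.
    h = bytearray(header)
    h[1] = (dscp << 2) | (h[1] & 0x03)
    h[10:12] = b"\x00\x00"
    struct.pack_into("!H", h, 10, ipv4_checksum(bytes(h)))
    return bytes(h)

def build_header(src, dst, proto, total_len):
    # Constructed 20-byte IPv4 header (no options), DSCP 0, TTL 64.
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                    ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return set_dscp(h, 0)

def tag_tunnel(pcp, inner, outer):
    # Sending side: mark the inner packet and the outer ESP packet with the same class.
    dscp = pcp_to_dscp(pcp)
    return set_dscp(inner, dscp), set_dscp(outer, dscp)

# Constructed sample headers: inner UDP (protocol 17) and outer ESP (protocol 50).
INNER = build_header("10.1.1.10", "10.2.2.20", 17, 200)
OUTER = build_header("192.0.2.1", "198.51.100.1", 50, 256)

if __name__ == "__main__":
    inner, outer = tag_tunnel(6, INNER, OUTER)  # frame arrived tagged 802.1p 6
    print("inner/outer DSCP:", get_dscp(inner), get_dscp(outer))
    print("802.1p restored at far end:", dscp_to_pcp(get_dscp(inner)))
```

Because the reverse map is many-to-one, a DSCP value that is not a multiple of 8 (for example 46) comes back as an 802.1p value that does not map forward to the same DSCP.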
Site to Site VPN over Public Networks
SonicOS integrated BWM is very effective in managing traffic between VPN connected
networks because ingress and egress traffic can be classified and controlled at both endpoints.
If the network between the endpoints is not QoS aware, it regards and treats all VPN ESP
traffic equally. Because there is typically no control over these intermediate networks or their paths,
it is difficult to fully guarantee QoS, but BWM can still help to provide more predictable behavior.
To provide end-to-end QoS, business-class service providers are increasingly offering traffic
conditioning services on their IP networks. These services typically depend on the customer
premise equipment to classify and tag the traffic, generally using a standard marking method
[Figure: Remote LAN and Main Site LAN, each behind a SonicWALL NSA (Network Security Appliance), connected across the Internet. VoIP and Web traffic flows (LAN -> VPN, VPN -> LAN, LAN -> WAN) are labeled with DSCP and 802.1p values and with inbound/outbound BWM guaranteed, maximum, and priority settings.]