SonicWALL TZ 190 User Manual

Firewall > QoS Mapping
SonicOS Enhanced 4.0 Administrator Guide
To examine the effects of the second Access Rule (VPN>LAN), we’ll look at the Access Rules 
configured at the Main Site:
VoIP traffic (as defined by the Service Group) arriving from Remote Site 1 Subnets across the 
VPN destined to LAN Subnets on the LAN zone at the Main Site would hit the Access Rule for 
inbound VoIP calls. Traffic arriving at the VPN zone will not have any 802.1p tags, only DSCP 
tags.
  – Traffic exiting the tunnel containing a DSCP tag (e.g. CoS = 48) would have the DSCP
    value preserved. Before the packet is delivered to the destination on the LAN, it will also
    be 802.1p tagged according to the QoS Mapping settings (e.g. CoS = 6) by the
    SonicWALL at the Main Site.
  – Assuming returned traffic has been 802.1p tagged (e.g. CoS = 6) by the VoIP phone
    receiving the call at the Main Site, the return traffic will be DSCP tagged according to
    the conversion map (CoS = 48) on both the inner and outer packet sent back across
    the VPN.
  – Assuming returned traffic has been DSCP tagged (e.g. CoS = 48) by the VoIP phone
    receiving the call at the Main Site, the return traffic will have the DSCP tag preserved
    on both the inner and outer packet sent back across the VPN.
  – Assuming returned traffic has been both 802.1p tagged (e.g. CoS = 6) and DSCP
    tagged (e.g. CoS = 14) by the VoIP phone receiving the call at the Main Site, the return
    traffic will be DSCP tagged according to the conversion map (CoS = 48) on both the
    inner and outer packet sent back across the VPN.
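The four tagging cases above can be modelled as a pair of small functions, which makes the precedence rule (an 802.1p tag overrides the phone's own DSCP value on the way back into the VPN) easy to check. This is an added illustration, not SonicOS code: the class and function names are hypothetical, the map holds only the 6 / 48 pairing used in the guide's examples, and the fallback for an unmapped 802.1p value is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Conversion map restricted to the one pairing the guide uses in its examples
# (802.1p CoS 6 <-> DSCP 48). A real appliance map has one entry per CoS value.
COS_TO_DSCP = {6: 48}
DSCP_TO_COS = {48: 6}


@dataclass(frozen=True)
class Tags:
    dot1p: Optional[int] = None  # 802.1p CoS carried in the VLAN header, if any
    dscp: Optional[int] = None   # DSCP value carried in the IP header, if any


def vpn_to_lan(arriving: Tags) -> Tags:
    """Tags on a packet leaving the tunnel toward the LAN at the Main Site.

    Traffic arriving at the VPN zone carries DSCP only. The DSCP value is
    preserved and an 802.1p tag is derived from it through the QoS mapping.
    """
    return Tags(dot1p=DSCP_TO_COS.get(arriving.dscp), dscp=arriving.dscp)


def lan_to_vpn(returning: Tags) -> Tuple[Tags, Tags]:
    """Tags on return traffic sent back across the VPN, as (inner, outer).

    A mapped 802.1p tag takes precedence over any DSCP value set by the phone.
    With no 802.1p tag, the existing DSCP value is preserved. Falling back to
    the existing DSCP for an unmapped 802.1p value is an assumption of this
    model; the guide does not describe that case.
    """
    if returning.dot1p in COS_TO_DSCP:
        dscp = COS_TO_DSCP[returning.dot1p]
    else:
        dscp = returning.dscp
    marked = Tags(dot1p=None, dscp=dscp)  # same DSCP on inner and outer packet
    return marked, marked


if __name__ == "__main__":
    # Constructed inputs matching the four cases in the list above.
    print("from VPN, DSCP 48      ->", vpn_to_lan(Tags(dscp=48)))
    print("return, 802.1p 6       ->", lan_to_vpn(Tags(dot1p=6)))
    print("return, DSCP 48        ->", lan_to_vpn(Tags(dscp=48)))
    print("return, 802.1p 6 + 14  ->", lan_to_vpn(Tags(dot1p=6, dscp=14)))
```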
Bandwidth Management
SonicOS Enhanced offers an integrated traffic shaping mechanism through its Egress 
(outbound) and Ingress (inbound) bandwidth management (BWM) interfaces. Outbound BWM 
can be applied to traffic sourced from Trusted and Public Zones (e.g. LAN and DMZ) destined 
to Untrusted and Encrypted Zones (e.g. WAN and VPN). Inbound BWM can be applied to traffic 
sourced from Untrusted and Encrypted Zones destined to Trusted and Public Zones.
Note
Although BWM is a fully integrated QoS system, wherein classification and shaping are 
performed on the single SonicWALL appliance, effectively eliminating the dependency on 
external systems and thus obviating the need for marking, it is possible to concurrently