We run a WAN network that has a multitude of applications (like CUCM) that already pre-tag their packets for prioritization. The FortiGate resets all of this as its default behavior. How do I stop this? I need all the prioritizations forwarded as-is. Do I have to set up a special rule just to handle this for every interface? This seems extremely unwieldy.
Yep, you need to enable QoS on the fw-policies for the traffic in the forward state and reverse state,
e.g. (a fwpolicy output):
set srcintf "VoIPVLAN18"
set dstintf "WANISP101ATT"
set srcaddr "CUCMAO"
set dstaddr "GWCUJCUBE"
set schedule "always"
set service "CUSTOM1" "CUSTOM2" "FGT2J"
set diffserv-forward enable
set diffserv-reverse enable
set diffservcode-forward 101110
set diffservcode-rev 101110
Keep in mind that if you have any switches, you need to set trust diffserv for that port leading in and out of the FortiGate.
I just wrote something for my blog about this & how you can monitor the fw sessions for policies
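An added example, not part of the original posts: a small Python audit that reads policy configuration in the shape shown above, decodes each six-bit diffservcode value (101110 is DSCP 46, EF) and reports per policy which directions have a code enabled. The sample text, the policy IDs and the second policy are constructed for illustration.

```python
import re

# Constructed sample in the shape of the policy output above (IDs are made up).
SAMPLE = """\
config firewall policy
    edit 1
        set srcintf "VoIPVLAN18"
        set dstintf "WANISP101ATT"
        set diffserv-forward enable
        set diffserv-reverse enable
        set diffservcode-forward 101110
        set diffservcode-rev 101110
    next
    edit 2
        set diffserv-forward enable
        set diffservcode-forward 100010
    next
end
"""

# A few well-known DSCP code points; anything else is shown by number.
NAMES = {0: "CS0", 24: "CS3", 26: "AF31", 34: "AF41", 40: "CS5", 46: "EF", 48: "CS6"}

def dscp_name(bits):
    """Decode a 6-bit binary string into (decimal value, name)."""
    if not re.fullmatch(r"[01]{6}", bits):
        raise ValueError(f"not a 6-bit DSCP value: {bits!r}")
    value = int(bits, 2)
    return value, NAMES.get(value, f"DSCP{value}")

def _direction(settings, toggle, code):
    # A direction counts only if its toggle is enabled and a code is present.
    if settings.get(toggle) != "enable" or code not in settings:
        return None
    return dscp_name(settings[code])

def audit(config):
    """Map policy id -> decoded DSCP per direction (None if not enabled)."""
    policies, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["edit"] and len(words) > 1:
            current = policies.setdefault(words[1], {})
        elif words[:1] == ["next"]:
            current = None
        elif current is not None and words[:1] == ["set"] and len(words) >= 3:
            current[words[1]] = words[2].strip('"')
    return {pid: {"forward": _direction(s, "diffserv-forward", "diffservcode-forward"),
                  "reverse": _direction(s, "diffserv-reverse", "diffservcode-rev")}
            for pid, s in policies.items()}
```

A policy that reports a forward code but `None` for reverse, like constructed policy 2, is the one to check when only one direction of a call keeps its marking.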