Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hwong
New Contributor II

Obeying predefined DSCP priotizations

Hi,

 

We run a WAN network that has a multitude of applications (like CUCM) that already pre-tagged their packets for prioritization. Fortigates resets all of this as its default behavior. How do I stop this? I need all the prioritizations forwarded as-is. Do I have to set up a special rule just to handle this for every interface? This seems extremely unwieldy.

2 REPLIES 2
emnoc
Esteemed Contributor III

yeap you need to enable QoS on the fw-policies for the traffic  in the forward state and reverse state

 

e.g ( a fwpolicy output )

 

    edit 1345

        set srcintf "VoIPVLAN18"         set dstintf "WANISP101ATT"             set srcaddr "CUCMAO"                          set dstaddr "GWCUJCUBE"                       set schedule "always"             set service "CUSTOM1" "CUSTOM2" "FGT2J"                     set diffserv-forward enable         set diffserv-reverse enable         set diffservcode-forward 101110         set diffservcode-rev 101110     next end

 

Keep in mind if you  have any switches, you need to set trust diffserv for that port leading in and out of the fortigate.

I just wrote something for my blog about this & how you can monitor the fw sessions for policies

 

http://socpuppet.blogspot.com/2015/02/howto-fortigate-tosdscp-markup.html

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
ewaizel
New Contributor II

HWong

 

Did you find a solution to your problem? I'm having the same.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors