SonicOS 7.1 Objects
- SonicOS 7.1 Action Objects
- About SonicOS
- Match Objects
- Zones
- How Zones Work
- Default Zones
- Security Types
- Allow Interface Trust
- Effect of Wireless Controller Modes
- Zones Overview
- The Zones Page
- Adding a New Zone
- Adding a New Zone in Policy Mode
- Adding a New Zone in Classic Mode
- Configuring a Zone for Guest Access
- Configuring a Zone for Open Authentication and Social Login
- Configuring the WLAN Zone
- Configuring the RADIUS Server
- Configuring DPI-SSL Granular Control per Zone
- Enabling Automatic Redirection to the User-Policy Page
- Cloning a Zone
- Editing a Zone
- Deleting Custom Zones
- Addresses
- Addresses Page
- About UUIDs for Address Objects and Groups
- Working with Dynamic Address Objects
- Services
- URI Lists
- Schedules
- Dynamic Group
- Email Addresses
- Match Objects
- Countries
- Applications
- Web Categories
- Websites
- Match Patterns
- Custom Match
- Profile Objects
- Endpoint Security
- Bandwidth
- QoS Marking
- Content Filter
- DHCP Option
- DNS Filtering
- Block Page
- Anti-Spyware
- Gateway Anti-Virus
- Log and Alerts
- Intrusion Prevention
- AWS
- Action Profiles
- Security Action Profile
- DoS Action Profile
- Action Objects
- App Rule Actions
- Content Filter Actions
- Object viewer
- SonicWall Support
Remote Site 1: Sample Access Rule or Security Rule Configuration
The Remote Site 1 network could have two
You can configure QoS on:
- Classic Mode: OBJECT | Rules and Policies> Access Rule > Traffic Shaping
- Policy Mode: OBJECT | Action Profiles > Security Action Profile > Bandwidth/QoS
Setting |
|
|
---|---|---|
General View | ||
Action | Allow | Allow |
From Zone | LAN | VPN |
To Zone | VPN | LAN |
Service | VOIP | VOIP |
Source | Lan Primary Subnet | Main Site Subnets |
Destination | Main Site Subnets | Lan Primary Subnet |
Users Allowed | All | All |
Schedule | Always on | Always on |
Enable Logging | Enabled | Enabled |
Allow Fragmented Packets | Enabled | Enabled |
Qos View | ||
DSCP Marking Action | Map | Map |
Allow 802.1p Marking to override DSCP values | Enabled | Enabled |
802.1p Marking Action | Map | Map |
The first
- VoIP traffic (as defined by the Service Group) from LAN Primary Subnet destined to be sent across the VPN to Main Site Subnets would be evaluated for both DSCP and 802.1p tags.
- The combination of setting both DSCP and 802.1p marking actions to Map is described in QoS Marking Actions.
- Sent traffic containing only an 802.1p tag (for example, CoS = 6) would have the VPN-bound inner (payload) packet DSCP tagged with a value of 48. The outer (ESP) packet would also be tagged with a value of 48.
- Assuming returned traffic has been DSCP tagged (CoS = 48) by the firewall at the Main Site, the return traffic is 802.1p tagged with CoS = 6 on egress.
- Sent traffic containing only a DSCP tag (for example, CoS = 48) would have the DSCP value preserved on both inner and outer packets.
- Assuming returned traffic has been DSCP tagged (CoS = 48) by the firewall at the Main Site, the return traffic is 802.1p tagged with CoS = 6 on egress.
- Sent traffic containing only both an 802.1p tag (for example, CoS = 6) and a DSCP tag (for example, CoS = 63) would give precedence to the 802.1p tag and would be mapped accordingly. The VPN-bound inner (payload) packet DSCP would be tagged with a value of 48. The outer (ESP) packet would also be tagged with a value of 48.
To examine the effects of the second
Access Rule (Classic Mode) orSecurity Action Profile (Policy Mode) (VPN > LAN), look at theAccess Rule (Classic Mode) orSecurity Action Profile (Policy Mode) configured at main site, Main Site: Sample Access Rule or Security Rule Configurations.
Was This Article Helpful?
Help us to improve our support portal