ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
Firewall Protection
5-33
v1.0, September 2009
2.
Modify the settings that you wish to change (see
Table 5-6 on page 5-32
).
3.
Click
Apply
to save your changes. The modified service is displayed in the Custom Services
table.
Creating Quality of Service (QoS) Profiles
A quality of service (QoS) profile defines the relative priority of an IP packet when multiple
connections are scheduled for simultaneous transmission on the UTM. A QoS profile becomes
active only when it is associated with a non-blocking inbound or outbound firewall rule and traffic
matching the firewall rule flows through the router.
After you have created a QoS profile, you can assign the QoS profile to firewall rules on the
following screens:
•
Add LAN WAN Outbound Services screen (see
Figure 5-3 on page 5-13
).
•
Add LAN WAN Inbound Services screen (see
Figure 5-4 on page 5-14
).
•
Add DMZ WAN Outbound Services screen (see
Figure 5-6 on page 5-16
).
•
Add DMZ WAN Inbound Services screen (see
Figure 5-7 on page 5-17
).
Priorities are defined by the “Type of Service (ToS) in the Internet Protocol Suite” standards,
RFC 1349.
There is no default QoS profile on the UTM. Following are examples of QoS profiles that you
could create:
•
Normal service profile: used when no special priority is given to the traffic. You would
typically mark the IP packets for services with this priority with a ToS value of 0.
•
Minimize-cost profile: used when data must be transferred over a link that has a lower “cost”.
You would typically mark the IP packets for services with this priority with a ToS value of 1.
•
Maximize-reliability profile: used when data must travel to the destination over a reliable link
and with little or no retransmission. You would typically mark the IP packets for services with
this priority with a ToS value of 2.
•
Maximize-throughput profile: used when the volume of data transferred during an interval is
important even if the latency over the link is high. You would typically mark the IP packets for
services with this priority with a ToS value of 3 or 4.
•
Minimize-delay profile: used when the time required (latency) for the packet to reach the
destination must be low. You would typically mark the IP packets for services with this
priority with a ToS value of 7.