Does the Firebox prioritize by default?

I have an XTM 25 and M200 running 12.1.B548280.

I'm setting up some SIP trunks for my phone system and wondered if the Firebox will prioritize traffic flagged with QoS without turning on "Enable all traffic management and QoS features" in the Global Settings.

My handsets and phone systems already appear to be marking packets using DiffServ as either CS5 or Expedited Forwarding. Will the Firebox prioritize by default, or will I need to create a traffic management policy guaranteeing bandwidth?


  • Options
    edited October 2019

    I believe that if you do not have "Enable all traffic management and QoS features" selected, the firewall will ignore QoS settings on a packet which crosses a firewall routed interface.

    My opinion is based on this option:
    Preserve — Do not change the current value of the bit. The device prioritizes the traffic based on this value.

    QoS Marking Settings

  • Options
    james.carson Moderator, WatchGuard Representative

    The firewall doesn't do anything if QoS is off globally -- if you turn it on, be sure to check what each of your interfaces says under Advanced -- Preserve is usually what you want.

    With that said, there usually isn't enough traffic on a small XTM25 to saturate your connection internally where QoS would be needed. Most ISPs simply discard or ignore QoS markings.

    Having QoS turned on can actually consume more CPU -- I'd suggest trying it without QoS first -- chances are you don't need it, and it likely won't help anyways.

    Thank you.

    -James Carson
    WatchGuard Customer Support

  • Options

    Thanks for the responses. It sounds like I will need to keep the QoS feature turned on from the global settings. I now see under the advanced interface settings the option to prioritize traffic based on QoS. I have left the marking method set to preserve.

    The office with the XTM 25 is sending all voice traffic to our main office via BOVPN which has the M200. I'm trying to make sure voice traffic has priority from the trusted to external interface. We've been having some issues with voice quality in that office after switching them to SIP.

    I tried turning on the traffic management and QoS feature on the M200 and within 2 days the network was so sluggish I had to turn it back off. Is this a common problem? The M200 has much more bandwidth on the WAN interface so I probably don't need it.

  • Options
    james.carson Moderator, WatchGuard Representative

    Hi @Keysd

    Enabling QoS means that the firewall has to inspect each packet for the flags, and react accordingly. This can create additional latency, and depending on the existing load on the firewall, can cause things to queue up waiting for the firewall's attention.

    Under some circumstances, a traffic management action can work better to guarantee bandwidth for an application, like VoIP.

    (About Traffic Management in Fireware OS v11.9 and Higher)

    Thank you,

    -James Carson
    WatchGuard Customer Support
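
An added example, not part of the thread and not WatchGuard code: a Python check that decodes the DSCP field from raw IPv4 headers and reports packets whose marking changed between two capture points, one way to confirm that CS5/EF marks survive with the marking method set to Preserve. The headers and addresses are constructed sample data, and pairing packets by capture order is an assumption.

```python
import socket
import struct

def make_header(dscp, ecn=0, src="192.0.2.10", dst="198.51.100.20"):
    """Constructed 20-byte IPv4/UDP header for the demo (checksum left at 0)."""
    tos = (dscp << 2) | ecn  # DSCP is the upper 6 bits of the old ToS byte
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 200, 1, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse_dscp(header):
    """Return (dscp, ecn) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos = header[1]
    return tos >> 2, tos & 0x3

def dscp_name(dscp):
    """Map a DSCP value to its conventional name (EF, CSn, AFxy)."""
    if dscp == 46:
        return "EF"
    if dscp & 0x7 == 0:
        return f"CS{dscp >> 3}"
    cls, drop = dscp >> 3, (dscp & 0x7) >> 1
    if dscp & 1 == 0 and 1 <= cls <= 4 and 1 <= drop <= 3:
        return f"AF{cls}{drop}"
    return f"DSCP{dscp}"

def remarked(before_fw, after_fw):
    """List (index, old, new) for packets whose DSCP differs across the firewall.

    Assumption: both lists hold the same packets in the same order.
    """
    changes = []
    for i, (a, b) in enumerate(zip(before_fw, after_fw)):
        old, new = parse_dscp(a)[0], parse_dscp(b)[0]
        if old != new:
            changes.append((i, dscp_name(old), dscp_name(new)))
    return changes

if __name__ == "__main__":
    # Constructed captures: the third packet lost its EF mark in transit.
    before = [make_header(46), make_header(40), make_header(46)]
    after = [make_header(46), make_header(40), make_header(0)]
    for idx, old, new in remarked(before, after):
        print(f"packet {idx}: {old} -> {new}")
```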
