Traffic management and QoS with multiple LANs
I have a WatchGuard firewall using one external interface (WAN) and two internal interfaces (LAN subnets A and B ). On the internal interfaces I have traffic management applied so that LAN A has higher bandwidth allocation than LAN B. I have a number of policies for each subnet which also have traffic management actions applied to ensure all LAN A policies can use higher bandwidth than LAN B policies. I have no QoS applied anywhere. This has been working well - it does what I expect it to do.
If I want to set higher priority for a single policy in LAN B is it possible to do this without affecting any polices in LAN A? If I set QoS on a policy will it be independent of/ override traffic management? I just want one policy in LAN B to have higher precedence over the other policies in LAN B, and not have higher precedence over anything in LAN A.
I would appreciate any advice on how to do this.
Comments
"On the internal interfaces I have traffic management applied so that LAN A has higher bandwidth allocation than LAN B."
How have you done this? Via the Advanced tab on an interface and set a specific Outgoing Interface Bandwidth?
If so, outgoing traffic on LAN B can't exceed that setting, no matter the precedence of any specific traffic from LAN B.
There are 2 possible queues which could be affected by a QoS marked packet - the receive queue on the internal interface and the send queue on the External interface.
It is the 2nd queue which could impact packets from LAN A if the outgoing bandwidth on external is at or near max.
If it isn't, then setting QoS on any packets coming from LAN B shouldn't impact LAN A's outgoing traffic.
If you set the LAN A interface to be a higher QoS than the QoS setting on a LAN B policy, then you should not have any impact on the LAN A traffic from the LAN B policy QoS setting.
Thanks for your prompt response. To clarify, yes, I used the Advanced tab on an interface to specify Outgoing Interface Bandwidth value. I also have traffic management actions on the individual policies to set max bandwidth for both forward and reverse.
It's one of the outgoing policies in LAN B that I have been asked to prioritise within its own portion of the bandwidth, which I want to avoid affecting LAN A. If I am understanding your comments correctly, I can achieve this simply by setting a QoS value on the LAN B policy.
And to make sure there are no effects if traffic gets to max bandwidth put a higher QoS on the LAN A Interface? (I don't need to set a QoS value on the LAN B interface?)
Correct & correct.
QoS on a policy overrides QoS on an interface anyway.
Try it and see if you get the desired results.
WSM Firebox System Manager -> Service Watch will show you the bandwidth used by your individual policies, which might be helpful here.
As well as FSM -> Traffic Management
That's great, I'll try it.
Thanks again for your help. I really appreciate it.