Configuring queues and traffic shapers

Before applying QoS to firewall network interfaces and in filter rules, you must first add and configure queues and traffic shapers.

  • Queues can be used to reserve bandwidth for a particular type of traffic, or to restrict such traffic by setting a guaranteed or maximum amount of bandwidth. You can also define priority queues to prioritize packets based on their source. You need to define default queues and acknowledgment queues to be associated with network interfaces, and then other queues to use in filter rules.

  • Traffic shapers are traffic regulators that allow you to set the maximum bandwidth that can be used on each network interface on which QoS has been enabled.

To add queues and traffic shapers, go to Configuration > Quality of service.

For queues:

  1. Click on Add in the upper part of the panel,Quality of service tab

  2. Select the queue type:

    Priority Queue (PRIQ)

    Prioritizes packets with a ranking from priority 0 (traffic with the highest priority) to priority 7 (traffic with the lowest priority).

    Packets associated with a filter rule that uses a PRIQ are processed before packets that are not assigned to a PRIQ, or which are attached to a PRIQ with lower priority.
    Class Based Queue (CBQ)

    Used for reserving or limiting bandwidth, by indicating the guaranteed or maximum amount of bandwidth to apply to outgoing traffic, and for return traffic on connections. At least one of the values has to be a value other than 0.
    Monitoring Queue (MONQ) Does not have any influence on network traffic, but makes it possible to save the bandwidth information used by monitored traffic.

  3. In the window that opens, name the queue and fill in the mandatory fields according to the chosen queue type. Custom variables can be used for CBQ to indicate bandwidth values. In this case, copy and paste the name of the desired variable (e.g., %CUSTOM_VAR1%). The unit used is kbit/s.

  4. Add the queue.

For a traffic shaper:

  1. Click on Add in the lower part of the panel,

  2. Name the traffic shaper,

  3. In the Outgoing bandwidth column, enter the value corresponding to 90% of the bandwidth on the link attached to the interface.

  4. In the Unit column, indicate the bandwidth unit.

  5. In the Incoming bandwidth column, enter the value corresponding to 90% of the bandwidth on the link attached to the interface,

  6. In the Unit column, indicate the bandwidth unit.

  7. Confirm by clicking on Apply.

Custom variables can be used to indicate bandwidth values. In this case, copy and paste the name of the desired variable (e.g., %CUSTOM_VAR2%). The unit used is kbit/s.

For detailed advice on the configuration of queues and traffic shapers, refer to the technical note Configuring QoS on SNS firewalls.

Queues and traffic shapers can be modified or deleted, as long as they are not used by firewalls on which you do not have write access privileges. You can check where firewalls are being used by clicking on the Check usage button in each grid.

For more information, refer to the section Restricting folder administrators' access privileges.