Creating default queues
Go to Security policy > Quality of service > Queues tab.
Understanding the queue grid
"Guaranteed bandwidth” and "Max bandwidth” columns
The Guaranteed bandwidth and Max bandwidth columns are dedicated to traffic leaving the network interface:
- In the Guaranteed bandwidth column, bandwidth reservation can be set for outgoing traffic,
- In the Max bandwidth column, bandwidth limitation can be set for outgoing traffic.
Guaranteed rev. and Max rev. columns
The Guaranteed rev. (guaranteed reverse bandwidth) and Max rev. (maximum reverse bandwidth) columns are dedicated to a connection's return traffic:
- In the Guaranteed rev. column, bandwidth reservation can be set for return traffic on connections,
- In the Max rev. column, bandwidth limitation can be set for return traffic on connections.
Creating default queues for the LAN and WAN interfaces
NOTE
We highly recommend specifying bandwidth reservation (Guaranteed bandwidth and Guaranteed rev. fields) for default queues.
This is because when available bandwidth on the link is saturated, if no bandwidth is reserved, the firewall may delete traffic that must join the default queue.
The value of this reservation depends on the volume and amount of low-priority traffic that is not part of a specific QoS queue.
Creating the default queue for the LAN interface
- Click on Add.
- Select Class Based Queuing (CBQ).
- Name the queue (DEF_LAN_Q in this example).
- In the Guaranteed bandwidth line, indicate the desired value for bandwidth reservation (100 Mbit/s in this example).
- In the Max bandwidth line, leave the value suggested by default (10 Gbit/s).
- In the Guaranteed rev. line, indicate the desired value for bandwidth reservation (100 Mbit/s in this example).
- In the Max rev. line, leave the value suggested by default (10 Gbit/s).
- Confirm by clicking on Apply.
Creating the default queue for the WAN interface
Follow the steps explained in the procedure Creating the default queue for the LAN interface with the following values:
| Queue type | Class Based Queuing |
| Name | DEF_WAN_Q |
| Guaranteed bandwidth | 10 Mbit/s |
| Max bandwidth | value suggested by default (10 Gbit/s) |
| Guaranteed rev. | 10 Mbit/s |
| Max rev. | value suggested by default (10 Gbit/s) |
NOTE
In configurations that use IPsec traffic, such traffic will automatically join the default queue for the WAN interface. This is why class-based queuing is applied to this queue.
Please note that the application of QoS to IPsec traffic is not covered in this Technical Note.
Creating acknowledgment (ACK) queues for LAN and WAN interfaces
In this example, the link connected to the LAN interface offers maximum bandwidth of 1 Gbit/s while the link connected to the WAN interface has maximum bandwidth of 100 Mbit/s.
The respective acknowledgment (ACK) queues are therefore 50 Mbit/s for the LAN interface and 5 Mbit/s for the WAN interface (reservation of 5% of the maximum bandwidth on links).
Creating the acknowledgment (ACK) queue for the LAN interface
Follow the steps explained in the procedure Creating the default queue for the LAN interface with the following values:
| Queue type | Class Based Queuing |
| Name | DEF_LAN_ACK_Q |
| Guaranteed bandwidth | 50 Mbit/s |
| Max bandwidth | unlimited |
| Guaranteed rev. | 50 Mbit/s |
| Max rev. | unlimited |
Creating the acknowledgment (ACK) queue for the WAN interface
- Follow the steps explained in the procedure Creating the default queue for the LAN interface with the following values:
| Queue type | Class Based Queuing |
| Name | DEF_WAN_ACK_Q |
| Guaranteed bandwidth | 5 Mbit/s |
| Max bandwidth | unlimited |
| Guaranteed rev. | 5 Mbit/s |
| Max rev. | unlimited |
The grid of the QoS queues set in this example will therefore look like this:
- Confirm changes to the QoS configuration by clicking on Apply.