Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Prioritize traffic by external ip address

Posted on 2006-07-21
7
Medium Priority
?
395 Views
Last Modified: 2010-04-08
Is there anyway to prioritize traffic through a PIX 515e by someones external ip address.

We have one person working from home and would like all the traffic that he is pulling out of our facility to have a higher priority than everything else.  Is this possible?


Thank you.
0
Comment
Question by:cbones
  • 5
  • 2
7 Comments
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17159952
First you have to have PIX OS 7.x loaded, then you can configure a priority policy with an acl attached to it that matches the traffic you want to give priority
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17159954
if you need an example I can post one
0
 

Author Comment

by:cbones
ID: 17159984
Can you please post an example of priority traffic?

Thank you very much for your help!
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17161201
will when i get into work later today....btw, you do have version 7.x OS on your firewall right?   if not, you don't have the ability to configure priority.  and even though you can upgrade to 7.x on that PIX, there is a lot of changes that happened from 6.x to 7.x so you'd need to research the changes before upgrading.

but i'll be posting my example in a little bit
0
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 1000 total points
ID: 17170383
k, sorry it took so long, here ya go

first create an acl to match the traffic you want to give priority

class-map <class name>
 match access-list <acl to match to>

policy-map <policy name>
 class <class name>
  priority

service-policy <policy name> interface outside

priority-queue outside
  queue-limit   200
  tx-ring-limit 100

this will take a little while to take effect too btw.   Also all this does is move this traffic into another queue that has priority over the default best-effort queue.  If you setup a lot of priority classes, all of them have the same priority; unlike routers which can be configured with much better priority queuing (0-7 level)
0
 

Author Comment

by:cbones
ID: 17178127
Thank you for your help.  The current pix we have does not have version 7 but a lower version 6.3...
I am looking into upgrading or purchasing a new pix with the latest software.

Thank you again for your time.
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 17178733
no problem.....keep in mind though that going from 6.3 to 7.x there are a lot of changes that happened
pptp is gone -> ipsec only
conduits are gone -> acl only
vpngroup are gone ->you now have group-policy and  tunnel-group
ip address <int> is gone -> interfaces are handled like on routers now

basically I can't stress enough to do the research.  And depending upon the complexity of your config it may just be easier to re-write it and start from scratch in 7.x
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question