Prioritize traffic by external ip address

Is there anyway to prioritize traffic through a PIX 515e by someones external ip address.

We have one person working from home and would like all the traffic that he is pulling out of our facility to have a higher priority than everything else.  Is this possible?


Thank you.
cbonesAsked:
Who is Participating?
 
Cyclops3590Connect With a Mentor Commented:
k, sorry it took so long, here ya go

first create an acl to match the traffic you want to give priority

class-map <class name>
 match access-list <acl to match to>

policy-map <policy name>
 class <class name>
  priority

service-policy <policy name> interface outside

priority-queue outside
  queue-limit   200
  tx-ring-limit 100

this will take a little while to take effect too btw.   Also all this does is move this traffic into another queue that has priority over the default best-effort queue.  If you setup a lot of priority classes, all of them have the same priority; unlike routers which can be configured with much better priority queuing (0-7 level)
0
 
Cyclops3590Commented:
First you have to have PIX OS 7.x loaded, then you can configure a priority policy with an acl attached to it that matches the traffic you want to give priority
0
 
Cyclops3590Commented:
if you need an example I can post one
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
cbonesAuthor Commented:
Can you please post an example of priority traffic?

Thank you very much for your help!
0
 
Cyclops3590Commented:
will when i get into work later today....btw, you do have version 7.x OS on your firewall right?   if not, you don't have the ability to configure priority.  and even though you can upgrade to 7.x on that PIX, there is a lot of changes that happened from 6.x to 7.x so you'd need to research the changes before upgrading.

but i'll be posting my example in a little bit
0
 
cbonesAuthor Commented:
Thank you for your help.  The current pix we have does not have version 7 but a lower version 6.3...
I am looking into upgrading or purchasing a new pix with the latest software.

Thank you again for your time.
0
 
Cyclops3590Commented:
no problem.....keep in mind though that going from 6.3 to 7.x there are a lot of changes that happened
pptp is gone -> ipsec only
conduits are gone -> acl only
vpngroup are gone ->you now have group-policy and  tunnel-group
ip address <int> is gone -> interfaces are handled like on routers now

basically I can't stress enough to do the research.  And depending upon the complexity of your config it may just be easier to re-write it and start from scratch in 7.x
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.