• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1112
  • Last Modified:

Configuring QoS with a Cisco Firewall

A requirement is needed to configure QoS on our Cisco Firewalls.
Have PIX/ASA Firewalls and looking to implement QoS on them.
After quite some reading, the "CiscoWorks" seems to arise quite
often as the much needed tool to help identify and configure your]
devices to manage QoS. It is not cheap.
Are there any best first steps and products I can use to help
do a proof of concept and start to configure simple QoS on my
firewalls.
Looking for other products and steps to aid QoS provisioning.
0
ccfcfc
Asked:
ccfcfc
4 Solutions
 
ziaic1Commented:
What kind of traffic are you trying to do QoS with?  I can try to give you an example.
0
 
ccfcfcAuthor Commented:
Well we are looking at VOIP soon but want to test with traffic such as FTP, HTTP or SSL traffic.
It may be useful to test internally with traffic such as "windows copy" between networks.
We have a pending requirement to send SecureFTP (FTPS) to an external customer so would be nice to control that going out. WIll be using ACCESS LIST to control.
From what I have read CiscoWorks would let you look at your traffic and help to configure.
Appreciate any help
 
0
 
kellemannCommented:
The QoS capablities on the Pix/ASA are fairly limited, and shouldn't be the weapon of choice if you are looking for granular mechanisms to control the data.
Pix/ASA only has two queues, so you can't have a high priority for voice, a medium priority for Citrix and low for everything else. You only got high and low. Configuration is described in detail in these links:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 
Mustafa L. McLinnSystems Engineer/Systems AdministratorCommented:
kellemann's right especially if you're doing VOIP traffic which has high packet counts, the Cisco 851's are good (and cheap) for that and have configurable ACL's and MPLS QOS
http://www.cisco.com/en/US/prod/collateral/routers/ps5853/prod_bulletin0900aecd802d0c05_ps5854_Products_Bulletin.html
IOS 12.3 and higher.

 You most likely want to do this on the switch level as well.
0
 
ccfcfcAuthor Commented:
Thanks I will start reading these links. We have PIX's and ASA in place .
0
 
kellemannCommented:
Any news on this issue?
0
 
ccfcfcAuthor Commented:
This requirement has now dropped way down the list of priorities and no work will be carried out on it any time soon.

I will award some points to each responder for their suggestions.
0
 
ccfcfcAuthor Commented:
I have answered B/partially to all grading questions as we are not in a position to test them.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now