• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1101
  • Last Modified:

Configuring QoS with a Cisco Firewall

A requirement is needed to configure QoS on our Cisco Firewalls.
Have PIX/ASA Firewalls and looking to implement QoS on them.
After quite some reading, the "CiscoWorks" seems to arise quite
often as the much needed tool to help identify and configure your]
devices to manage QoS. It is not cheap.
Are there any best first steps and products I can use to help
do a proof of concept and start to configure simple QoS on my
Looking for other products and steps to aid QoS provisioning.
4 Solutions
What kind of traffic are you trying to do QoS with?  I can try to give you an example.
ccfcfcAuthor Commented:
Well we are looking at VOIP soon but want to test with traffic such as FTP, HTTP or SSL traffic.
It may be useful to test internally with traffic such as "windows copy" between networks.
We have a pending requirement to send SecureFTP (FTPS) to an external customer so would be nice to control that going out. WIll be using ACCESS LIST to control.
From what I have read CiscoWorks would let you look at your traffic and help to configure.
Appreciate any help
The QoS capablities on the Pix/ASA are fairly limited, and shouldn't be the weapon of choice if you are looking for granular mechanisms to control the data.
Pix/ASA only has two queues, so you can't have a high priority for voice, a medium priority for Citrix and low for everything else. You only got high and low. Configuration is described in detail in these links:
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Mustafa L. McLinnSystems Engineer/Systems AdministratorCommented:
kellemann's right especially if you're doing VOIP traffic which has high packet counts, the Cisco 851's are good (and cheap) for that and have configurable ACL's and MPLS QOS
IOS 12.3 and higher.

 You most likely want to do this on the switch level as well.
ccfcfcAuthor Commented:
Thanks I will start reading these links. We have PIX's and ASA in place .
Any news on this issue?
ccfcfcAuthor Commented:
This requirement has now dropped way down the list of priorities and no work will be carried out on it any time soon.

I will award some points to each responder for their suggestions.
ccfcfcAuthor Commented:
I have answered B/partially to all grading questions as we are not in a position to test them.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now