L7 & ALTQ?

    I've decided to take another look at my queuing to try and make it a bit more reliable.

    I'm not really looking to restrict any given service to a set speed, however I want to make sure certain services have more priority over others.
    Example: Downloads are less important than, say, web browsing (HTTP).

    I've set this up using the "wizard" and made all my internal interfaces use PRI queues, and the WAN interface has HFSC enabled.

    However, there is one flaw: anyone can just put their download application on port 80 and get maximum priority for downloads. Layer 7 time. :)

    So I created a layer 7 group for http…etc. and tried to add it to the existing "http priority" rule that was generated from the wizard.

    I get an error "You can only select a layer7 container for Pass type rules." Currently the rule is set as queue.

    So I'm a bit confused about how I should be setting this up. To summarize, I'd like to use a layer 7 filter to ensure HTTP traffic is only flowing over ports 80 and 443 and that no other applications without an HTTP header can go on ports 80 and 443. HTTP needs to have more priority over other traffic.

    Any thoughts on how I should be making this a reality? Do I remove the queue rules and create pass rules? I recall under Layer 7 you specify a queue there also.

