System Administration Guide: IP Services

IPQoS on a Firewall

The following figure shows a segment of a corporate network that is secured from other segments by a firewall.

Figure 33–3 Network Protected by an IPQoS-Enabled Firewall

Topology diagram shows a network consisting of a Diffserv router, an IPQoS-enabled firewall, an Oracle Solaris system, and other hosts.

In this scenario, traffic flows into a Diffserv-aware router where the packets are filtered and queued. All incoming traffic that is forwarded by the router then travels into the IPQoS-enabled firewall. To use IPQoS, the firewall must not bypass the IP forwarding stack.

The firewall's security policy determines whether incoming traffic is permitted to enter or depart the internal network. The QoS policy controls the service levels for incoming traffic that has passed the firewall. Depending on the QoS policy, outgoing traffic can also be marked with a forwarding behavior.
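The following IPQoS configuration file is an added illustration of the QoS side of this scenario, not part of the original guide: it classifies traffic that the firewall forwards outward and marks it with the AF11 code point. The class, filter, and action names and the port number are assumptions chosen for the example.

```conf
fmt_version 1.0

# Classifier: ipgpc only sees packets that traverse the IP forwarding
# stack, which is why the firewall must not bypass it.
action {
    module ipgpc
    name ipgpc.classify
    params {
        global_stats TRUE
    }
    class {
        # Hypothetical class for forwarded web traffic.
        name fwdweb
        next_action markAF11
        enable_stats FALSE
    }
    filter {
        # Hypothetical filter: forwarded packets leaving the firewall
        # with destination port 80. Traffic that matches no filter
        # falls into the built-in default class and is not marked.
        name fwdwebout
        dport 80
        direction FWD_OUT
        class fwdweb
    }
}

# Marker: set the DS field of every packet in the class to
# DSCP 10 (binary 001010), the AF11 forwarding behavior.
action {
    module dscpmk
    name markAF11
    params {
        global_stats FALSE
        dscp_map {0-63:10}
        next_action continue
    }
}
```

The security policy still decides whether a packet is passed at all; this file only assigns a forwarding behavior to traffic that the firewall has already permitted.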