Wireless Traffic Identified as DSCP18

Question

This is driving me up the wall and I don't see a lot of good options, aside from pester support.&nbsp;We're an Aruba wireless shop and we have some WMM/QoS configured. This ends up with a bunch of events where the Application/Service detected is dscp18 because Cato is picking up on the QoS value from the access point.&nbsp;&nbsp;&nbsp;It makes my life difficult when we try to create WAN Firewall rules based on a service on a given destination(s). Aside from de-allocating that DSCP value on my production SSID's, what can I do?Has anyone else encountered this before?&nbsp;

michaelq · Answer

Not particularly. I would much more prefer that that Cato more intelligently identify traffic based on port/protocol, rather than the QoS values that the access point inserts.&nbsp;What I want to avoid is a scenario where, for example, I create a firewall rule that permits a user to RDP to a server(s) where the service on the rule is RDP but that user is accidentally blocked from doing so because Cato has identified their traffic as DSCP18.&nbsp;

michaelq · Answer

Just as an FYI I did disable that DSCP mapping on the Aruba side for 2 of my sites and all instances of Cato seeing that traffic did stop, as expected, since the access points are no longer adding that to the packet(s).&nbsp;If this doesn't result in poor experience, we may extend this to our other sites as a workaround.&nbsp;&nbsp;&nbsp;

michaelsaw · Answer

Hi MichaelQ,&nbsp;From the Events, It seems there is a large volume of traffic related to "dscp18".Would you like to create a specific WAN FW rule to match this type of traffic (source: AP, destination: Any, type: dscp18, action: allow, event: disable) so that it does not show on the CMA Events?Cheers

michaelsaw · Answer

Hi MichaelQ,&nbsp;
I see.I think its worthwhile to have a short chat/discussion on the details with our SE or PS representative to how this can be improve on this aspect further.Cheers