MichaelQ
Meteor
2 months ago

Wireless Traffic Identified as DSCP18

This is driving me up the wall and I don't see a lot of good options, aside from pestering support.

We're an Aruba wireless shop and we have some WMM/QoS configured. This ends up with a bunch of events where the Application/Service detected is dscp18 because Cato is picking up on the QoS value from the access point.  

 

It makes my life difficult when we try to create WAN Firewall rules based on a service on a given destination(s). Aside from de-allocating that DSCP value on my production SSIDs, what can I do?

Has anyone else encountered this before?

 

4 Replies

  • Hi MichaelQ, 

    From the Events, it seems there is a large volume of traffic related to "dscp18".
    Would you like to create a specific WAN FW rule to match this type of traffic (source: AP, destination: Any, type: dscp18, action: allow, event: disable) so that it does not show on the CMA Events?

    Cheers

    • MichaelQ
      Meteor

      Not particularly. I would much prefer that Cato more intelligently identify traffic based on port/protocol, rather than the QoS values that the access point inserts.

      What I want to avoid is a scenario where, for example, I create a firewall rule that permits a user to RDP to a server(s) where the service on the rule is RDP but that user is accidentally blocked from doing so because Cato has identified their traffic as DSCP18. 

  • Hi MichaelQ, 

    I see.
    I think it's worthwhile to have a short chat/discussion on the details with our SE or PS representative about how this aspect can be improved further.

    Cheers

    • MichaelQ
      Meteor

      Just as an FYI, I did disable that DSCP mapping on the Aruba side for 2 of my sites and all instances of Cato seeing that traffic did stop, as expected, since the access points are no longer adding that to the packet(s).

      If this doesn't result in a poor experience, we may extend this to our other sites as a workaround.