The connection is transparently proxied when the Check Point Active Streaming (CPAS) is in effect.
- One connection is between the client and the Security Gateway.
- The other connection is between the Security Gateway and the destination.
In order to use the same DSCP value even though the connection is transparently proxied, the value would have to be copied from the packets from one side to the other.
However, as the SYN-ACK from the Security Gateway to the client is generated and sent before the SYN-ACK is received from the destination, the DSCP value cannot be copied.