Support Center > Search Results > SecureKnowledge Details
DSCP value in IP header is changed on a Security Gateway with QoS disabled Technical Level
Symptoms
  • The DSCP value in an IP header is changed on a Security Gateway with QoS disabled.
Cause

The connection is transparently proxied when the Check Point Active Streaming (CPAS) is in effect.

  • One connection is between the client and the Security Gateway.
  • The other connection is between the Security Gateway and the destination.

In order to use the same DSCP value even though the connection is transparently proxied, the value would have to be copied from the packets from one side to the other.

However, as the SYN-ACK from the Security Gateway to the client is generated and sent before the SYN-ACK is received from the destination, the DSCP value cannot be copied.


Solution
Note: To view this solution you need to Sign In .