Establishing security
184 Avaya VPNmanager Configuration Guide Release 3.7

QoS mapping

QoS Mapping is the mapping of a QoS policy to a zone. A zone can map to only one QoS
policy, but a QoS policy can be applied to multiple zones.
When you map QoS policies consider the following:
If QoS is configured over multiple interfaces, the DSCP values belonging to a class for a
particular zones should not belong to a different class for other zones.
When QoS is applied over multiple zones, the QoS policies should be identical in definition
of classes, DSCP, and service-networks attributes. The only difference in these QoS
policies should be in the bandwidth allocation percentage.

Mapping QoS policies

After the QoS policies are created, they can be mapped to either public, public-backup or a
semi-private zone at the domain or device level.
1. Select View>QoS Mapping. The QoS General tab is displayed. Click Add. Select either
Domain or Device. The QoS dialog is displayed.
2. For Domain QoS mapping, select the devices that are to be members for this QoS mapping.
3. Select the Zone to be configured.
4. Select the QoS policy that should be applied.
5. Click OK and then click Save.
Packet Filtering
The Packet Filtering feature is available for devices with VPNos 3.x.
VSUs have a multiprotocol filtering service that analyzes packets (also known as frames) at the
Application, Transport, and Network Layers. The headers of the packets can be examined then
compared to filter rules organized in an Access Control List (ACL). Filters can be specifically
created for inbound and/or outbound traffic, and the state of a connection. Additionally, reports
about filtering activity can be sent to a common SNMP manager for viewing.
The ACL can hold up to 200 policies. The default policy is to permit the packet. The default
policy is automatically applied if no other policy is configured or if configured policies do not
match. The ACL can be organized in a specific sequence so that one policy has a precedence
over another. All policies can be customized to meet your needs, and they can be turned off or
on at any time.
Policies are semi-automatically created (one at a time) by using the Packet Filtering Policy
Wizard. As an auxiliary method, policies can also be created at the VSU Console (not explained
in this guide).