Juniper Netscreen Qos - aka traffic shaping

Guys, im gonna try and use traffic shapping on my policy for voice traffic over vpn between two sites. Can anyone tell me if VPN traffic can have traffic shaping applied to it? Or should I look at alternative methods?

I will post my results here eventually for others reference.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

rossonieri#1

hi,

yes - you can deploy traffic-shaping inside VPN.
before that what type of NetScreen?
in the VPN - the default is auto, but must be activated first.
and it takes amount of physical interface BW.

cheers.

Pash

Hi rossonieri,

They are both netscreen 5xt's. Ok, thanks for the advice mate. I have an idea on how I wan't to prioritise the traffic and I know how to do it from reading the wonderful tool that is juniper knowledge base

I shall post the results next week.

Thanks again!

rossonieri#1

ya,

juniper has very nice documentations, same as cisco.
while i'm here still struggling with my clients SSGs.
actually i'm a little bit concern now about the word UNIFIED THREAT MANAGEMENT (UTM) thing.
its still too heavy for a device to handle all its functionality.

you are very welcome

Pash

REFERENCES:

http://kb.juniper.net/CUSTOMERSERVICE/index?page=kbdetail&record_id=0244022611e8310108012c3c1901fd3

http://kb.juniper.net/CUSTOMERSERVICE/index?page=kbdetail&record_id=0244022611e8310108012c3c19055d3

Seemingly, you don't have to allocate bandwidth when deciding traffic priority. So my guessing is that by setting traffic priority this way you simply are deciding which traffic get's pushed/received first. I can't confirm this though, not through material ive been reading anyway.

rossonieri#1

hi,

no - you cant allocate a specific BW for the tunnel interface,
you can only provide a guaranteed BW for use.
the sum of the tunnel interfaces BW wont exceeding the physical interface.

cheers.

Pash

Sorry for the later reply, had to push this test back a bit because of other jobs ive been given. Ive even drawn up a visio diagram for the end solution for the customer, tbh its actually very good indeed.

But thanks rossonieri#1 that makes sense to me and well done on beating MAN U yesterday!!! <== chelsea fan.

rossonieri#1

Pash wrote:

well done on beating MAN U yesterday!!! <== chelsea fan.

well - i'm sorry we cant see chelsea in the final, pash.
meet liverpool in the final not an easy job also - since they have defeated milan 2 seasons ago.

but - lets cheers

cheers.

Screenie

Hi,
in my opinion traffic shaping will hardlu work on XT's, screen-os 4.0 is the latest supported I think. You'll nedd 5.x, pref. 5.4 to fintune.

Cheers.

Pash

Screenie wrote:

Hi,
in my opinion traffic shaping will hardlu work on XT's, screen-os 4.0 is the latest supported I think. You'll nedd 5.x, pref. 5.4 to fintune.

Cheers.

The customer is using ssg5's now in a production enviroment (screen OS is latest reccommended by Juniper in production enviroment for ssg5's), basic traffic shapping applied to allow voice over vpn and data transfer in unison. Only three users atm, but everything seems to work ok.

Cheers,