security-queue policy-id [create]
no security-queue policy-id
config>qos
This command configures a security queue policy for traffic being extracted from the datapath to the CSM for firewall processing. When a security queue policy is created, two queues are created automatically for the extracted traffic: queue 1 for best-effort traffic and queue 2 for expedited traffic. The queue number and type for these two queues is not configurable.
The no form of this command removes the security queue policy.
n/a
the number of the policy being referenced. Policy 1 is reserved for the default security queue policy; it cannot be modified.
keyword used to create a security queue policy
description description-string
no description
config>qos>security-queue
This command configures a description for the security queue policy being referenced.
The no form of this command removes the description.
n/a
a text string describing the entity. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
[no] queue queue-id
config>qos>security-queue
This command enables the context to configure parameters related to the queue type for the traffic extracted from the datapath to the CSM. When the security queue policy is created, a set of queues is automatically created: queue 1 for best-effort traffic and queue 2 for expedited traffic. When the best-effort and expedited queues are created, default values are assigned to their information rate parameters.
The no form of this command removes the queue-id from the security queue policy.
n/a
specifies the ID for the queue type being referenced
cbs {size-in-kbytes | default}
no cbs
config>qos>security-queue>queue
This command overrides the default Committed Buffer Space (CBS) reserved for the specified queue. The value is configured in kilobytes.
The no form of this command returns the CBS to the default value for the queue type.
specifies the committed buffer space for the queue
high-prio-only {percent | default}
no high-prio-only
config>qos>security-queue>queue
This command configures the percentage of the queue used exclusively by high-priority packets. The specified value overrides the default value for the queue type.
The no form of this command restores the default high-priority reserved size for the queue type.
the percentage reserved for high priority traffic on the queue
mbs {size {bytes | kilobytes} | default}
no mbs
config>qos>security-queue>queue
This command sets the Maximum Burst Size (MBS) value for buffers of a specified queue. The value is configured either in bytes or in kilobytes and overrides the default MBS value.
The no form of this command returns the MBS to the default value for the queue type.
specifies the maximum burst size for the queue, either in bytes or kilobytes
configures the maximum burst size for the queue in bytes
configures the maximum burst size for the queue in kilobytes
rate pir [cir cir]
no rate
config>qos>security-queue>queue
This command sets the Peak Information Rate (PIR) value and optional Committed Information Rate (CIR) for a specified queue. The values are configured in kilobytes and override the default PIR and CIR values.
The no form of this command returns the PIR and CIR to their default values for the queue type, assigned when the security queue policy for firewall traffic was created.
specifies the peak information rate for the queue, in kilobytes per second
specifies the committed information rate for the queue, in kilobytes per second