NSA 4600: enable QoS prioritization for VPN tunnel?
HMC
How can you enable QoS to prioritize traffic specifically for a VPN tunnel? There is high utilization on the ISP link, so we want to prioritize the VPN traffic so it doesn't suffer.
I would like to take it even further. Can you prioritize based on source or destination IP networks? Or applications?
Category: Mid Range Firewalls
Answers
On 7.X firmware you can technically apply QoS (ToS or DSCP) to IKE/IPSec traffic via the WAN to WAN Access Rules Traffic Shaping page. The problem, from my understanding, is those rules don't apply to tunneled traffic, just negotiation. And while the same Traffic Shaping QoS options are available on LAN to VPN Access Rules (or VPN to LAN), the QoS is only applied to the traffic being encapsulated by IKE/IPSec, not the entirety of the packet.
So TL;DR: no, you can't apply QoS to VPN tunnels.
What you can try is applying BWM policies with the high or highest priority to the above-mentioned rules, and giving all other traffic medium to low priority. The higher-priority rules will get 'priority' above lesser ones.