FloodGate-1 also maintains sessions for most protocols during fail over. In addition, FloodGate-1 maintains priority for these protocols. FloodGate-1 does this by tracking state information and associating it with the session in progress.

The Value of Security Integration
Because standalone QoS devices suffer from challenges that relate to the placement of the QoS device relative to the VPN/Firewall, integrated solutions are the only option for secure network environments.

Limitations of Standalone QoS Devices
If a dedicated QoS device is positioned on the WAN side of the VPN/Firewall device, it cannot effectively classify traffic for several reasons. First, the QoS device cannot classify traffic based on information in the IP header, because the information is encrypted. Second, the device cannot classify traffic destined for specific users or servers. This is because the device relies on the destination IP address to classify such traffic, but NAT sends inbound traffic to the firewall's IP address. Third, the QoS device is unprotected by the firewall device, and therefore can be subject to Denial of Service attacks.

If a dedicated QoS device is positioned on the LAN side of the VPN/Firewall device, bandwidth-management decisions are inaccurate and less effective, because VPN overhead causes the actual traffic load to grow beyond link capacity. Furthermore, the device cannot account for traffic flowing to and from the DMZ.

Integrated QoS/VPN Solutions
FloodGate-1/VPN-1 solutions solve these problems by integrating QoS, VPN and firewall functionality on the same device. Shared access to IP header, encryption, NAT, and DMZ information enables FloodGate-1 to account for all relevant information in its control algorithm. Find out more