It appears that DSCP marking is being reset to 0 when it passes through my SRX650.. I have not eplicetly set an IDP policy to do this, nor have I added any firewall filters.
Is this normal default behaviour? or is something possibly set some where that would force a rewrite?
1. DSCP is affected if traffic traverses VPN, ip fragmentation (except first packet) and if some QoS rewriting rules are defined ...
2. whereas, normal routing and policy lookups, l2 encapsulations (ATM, Frame Relay, SDH/SONET) never disturbs the QoS parameters ...
so please check whether you are facing any scenario in option-1, or post your config
There is no VPN this is traffic moving from a physical trust interface to a wan zone interface.
I do not have any explicit firewall filter or rewrite rules defined.
I was looking at rewriting some traffic using IDP, however that rule is very specific and so is the firewall policy it is attached to.
I suppose fragmentation could be possible if there is something wrong somwhere interneally but that is the only listed case I can think of.
Turned out to be a missconfigured switch, not the SRX.