QoS Policy
Use a QoS policy rule to define traffic to receive QoS treatment (either preferential treatment
or bandwidth-limiting) and assign such traffic a QoS class of service.
Define a QoS policy rule to match to traffic based on:
Applications and application groups.
Source zones, source addresses, and source users.
Destination zones and destination addresses.
Services and service groups limited to specific TCP and/or
UDP port numbers.
URL categories, including custom URL categories.
Differentiated Services Code Point (DSCP) and Type of Service
(ToS) values, which are used to indicate the level of service requested
for traffic, such as high priority or best effort delivery.
You cannot apply DSCP code points or QoS to SSL Forward
Proxy, SSL Inbound Inspection, and SSH Proxy traffic.
Set up multiple QoS policy rules () to associate different
types of traffic with different
QoS Classes of service.
Because QoS is enforced on traffic as it egresses the firewall, the QoS policy rule is applied to
traffic after the firewall has enforced all other security policy rules, including
Network Address Translation (NAT) rules. However, the firewall evaluates QoS rules based
on the contents of the original packet, such as pre-NAT source IP, pre-NAT source zone,
pre-NAT destination IP, and post-NAT destination zone. Therefore, do not configure the
QoS policy with the post-NAT addresses.
