Because QoS is enforced on traffic as it egresses the firewall, the QoS policy rule is applied to
traffic after the firewall has enforced all other security policy rules, including
Network Address Translation (NAT) rules. However, the firewall evaluates QoS rules based
on the contents of the original packet, such as pre-NAT source IP, pre-NAT source zone,
pre-NAT destination IP, and post-NAT destination zone. Therefore, do not configure the
QoS policy with the post-NAT addresses.