Because QoS is enforced on traffic as it egresses the firewall, the QoS policy rule is
applied to traffic after the firewall has enforced all other security policy rules,
including Network Address Translation (NAT) rules. However, the firewall evaluates QoS
rules based on the contents of the original packet, such as pre-NAT source IP, pre-NAT
source zone, pre-NAT destination IP, and post-NAT destination zone. Therefore, do not
configure the QoS policy with the post-NAT addresses.