QoS Policy
Use a QoS policy rule to define traffic to receive QoS treatment (either preferential treatment
or bandwidth-limiting) and assign such traffic a QoS class of service.
Define a QoS policy rule to match to traffic based on:
Applications and application groups.
Source zones, source addresses, and source users.
Destination zones and destination addresses.
Services and service groups limited to specific TCP and/or
UDP port numbers.
URL categories, including custom URL categories.
Differentiated Services Code Point (DSCP) and Type of Service
(ToS) values, which are used to indicate the level of service requested
for traffic, such as high priority or best effort delivery.
You cannot apply DSCP code points or QoS to SSL Forward
Proxy, SSL Inbound Inspection, and SSH Proxy traffic.
Set up multiple QoS policy rules () to associate different
types of traffic with different
QoS Classes of service.
Because QoS is enforced on traffic as it egresses the firewall, the QoS policy rule is
applied to traffic after the firewall has enforced all other security policy rules,
including Network Address Translation (NAT) rules. However, the firewall evaluates QoS
rules based on the contents of the original packet, such as pre-NAT source IP, pre-NAT
source zone, pre-NAT destination IP, and post-NAT destination zone. Therefore, do not
configure the QoS policy with the post-NAT addresses.
