Enter a name to identify the rule (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.

Enter an optional description.

If you need to tag the policy,

Add

and specify the tag.

A policy tag is a keyword or phrase that allows you to sort or filter policies. This is useful when you have defined many policies and want to view those that are tagged with a particular keyword. For example, you may want to tag certain security policies with Inbound to DMZ, decryption policies with the words Decrypt and No-decrypt, or use the name of a specific data center for policies associated with that location.

Select one or more source zones (default is

any

). Zones must be of the same type (Layer 2, Layer 3, or virtual wire).

Specify a combination of source IPv4 or IPv6 addresses for which the identified application can be overridden. To select specific addresses, choose

select

from the drop-down and do any of the following:

To add new addresses that can be used in this or other policies, click

New Address

. To define new address groups, select Objects > Address Groups.

Specify the source users and groups to which the QoS policy will apply.

Select this option to have the policy apply if the specified information on this tab does NOT match.

Select one or more destination zones (default is

any

). Zones must be of the same type (Layer 2, Layer 3, or virtual wire).

Specify a combination of source IPv4 or IPv6 addresses for which the identified application can be overridden. To select specific addresses, choose

select

from the drop-down and do any of the following:

To add new addresses that can be used in this or other policies, click

New Address

.

Select this option to have the policy apply if the specified information on this tab does not match.

Select specific applications for the QoS rule. To define new applications or application groups, select

Objects

Applications

.

If an application has multiple functions, you can select the overall application or individual functions. If you select the overall application, all functions are included, and the application definition is automatically updated as future functions are added.

If you are using application groups, filters, or container in the QoS rule, you can view details on these objects by holding your mouse over the object in the Application column, click the down arrow and select

Value

. This enables you to easily view application members directly from the policy without having to go to the

Objects

tab.

Select services to limit to specific TCP and/or UDP port numbers. Choose one of the following from the drop-down:

Select URL categories for the QoS rule.

Select

Any

(default) to allow the policy to match to traffic regardless of the Differentiated Services Code Point (DSCP) value or the IP Precedence/Type of Service (ToS) defined for the traffic.

Select

Codepoints

to enable traffic to receive QoS treatment based on the DSCP or ToS value defined a packet’s IP header. The DSCP and ToS values are used to indicate the level of service requested for traffic, such as high priority or best effort delivery. Using codepoints as matching criteria in a QoS policy allows a session to receive QoS treatment based on the codepoint detected at the beginning of the session.

Continue to

Add

codepoints to match traffic to the QoS policy:

Choose the QoS class to assign to the rule, and click

OK

. Class characteristics are defined in the QoS profile. Refer to Network > Network Profiles > QoS for information on configuring settings for QoS classes.