Professional Documents
Culture Documents
Previous
Next
Follow these steps to configure Quality of Service (QoS), which includes creating a
QoS profile, creating a QoS policy, and enabling QoS on an interface.
Select
ACC
to view the
ACC
page to view trends and traffic related to Applications, URL filtering, Threat
Prevention, Data Filtering, and HIP Matches.
2. Identify the egress interface for applications that you want to receive QoS
treatment.
The egress interface for traffic depends on the traffic flow. If you are shaping
incoming traffic, the egress interface is the internal-facing interface. If you
are shaping outgoing traffic, the egress interface is the external-facing
interface.
Select
Monitor
Logs
Traffic
to view the Traffic logs.
The
Egress I/F
in the traffic logs displays each application’s egress interface. To display the
Egress I/F
o Click the spyglass icon to the left of any entry to display a detailed log
that includes the application’s egress interface listed in the Destination
section:
3. Add a QoS policy rule.
A QoS policy rule defines the traffic to receive QoS treatment. The firewall
assigns a QoS class of service to the traffic matched to the policy rule.
Because QoS is enforced on traffic as it egresses the firewall, your QoS policy
rule is applied to traffic after the firewall has enforced all other security policy
rules, including Network Address Translation (NAT) rules. If you want to apply
QoS treatment to traffic based on source, you must specify the post-NAT
source address in a QoS policy rule (do not use the pre-NAT source address).
1. Select
Policies
QoS
and
Add
2. On the
General
Name
Source
Destination
Application
Service/URL Category
, and
DSCP/ToS
values (the
DSCP/ToS
Application
, click
Add
, and select
web-browsing
4. (
Optional
Source
and
Add
Source User
5. Select
Other Settings
and assign a
QoS Class
to traffic matching the policy rule. For example, assign Class 2 to the
user1’s web traffic.
6. Click
OK
A QoS profile rule allows you to define the eight classes of service that traffic
can receive, including priority, and enables QoS Bandwidth Management.
You can edit any existing QoS profile, including the default, by clicking the
QoS profile name.
0. Select
Network
Network Profiles
QoS Profile
and
Add
a new profile.
1. Enter a descriptive
Profile Name
2. Set the overall bandwidth limits for the QoS profile rule:
▪ Enter an
Egress Max
value to set the overall bandwidth allocation for the QoS profile
rule.
▪ Enter an
Egress Guaranteed
value to set the guaranteed bandwidth for the QoS Profile.
3. Any traffic that exceeds the Egress Guaranteed value is best effort and
not guaranteed. Bandwidth that is guaranteed but is unused continues
to remain available for all traffic.
4. In the Classes section, specify how to treat up to eight individual QoS
classes:
1. Add
2. Select the
Priority
3. Enter the
Egress Max
and
Egress Guaranteed
5. Click
OK
In the following example, the QoS profile rule Limit Web Browsing limits Class
2 traffic to a maximum bandwidth of 50Mbps and a guaranteed bandwidth of
2Mbps.
5. Enable QoS on a physical interface.
Part of this step includes the option to select clear text and tunneled traffic
for unique QoS treatment.
0. Select
Network
QoS
and
Add
a QoS interface.
1. Select
Physical Interface
Interface Name
2. Set the
Egress Max
It is a best practice to always define the Egress Max value for a QoS
interface. Ensure that the cumulative guaranteed bandwidth for the
QoS profile rules attached to the interface does not exceed the total
bandwidth allocated to the interface.
3. Select
4. In the Default Profile section, select a QoS profile rule to apply to all
Clear Text
5. (
Optional
) Select a default QoS profile rule to apply to all tunneled traffic exiting
the interface.
For example, enable QoS on ethernet 1/1 and apply the bandwidth and
priority settings you defined for the QoS profile rule Limit Web Browsing (Step
4) to be used as the default settings for clear text egress traffic.
6. (
Optional
Tunneled Traffic
tab automatically override the default profile settings for clear text and
tunneled traffic on the Physical Interface tab.
▪ Select
and:
▪ Set the
Egress Guaranteed
and
Egress Max
Add
▪ Select
Tunneled Traffic
and:
▪ Set the
Egress Guaranteed
and
Egress Max
▪ Click
Add
7. Click
OK
Click
Commit
.
Select
Network
QoS
and then
Statistics
to view QoS bandwidth, active sessions of a selected QoS class, and active
applications for the selected QoS class.
For example, see the statistics for ethernet 1/1 with QoS enabled: