QoS configuration overview

To apply QoS to traffic, you have to create QoS classes and assign them to different types of traffic. You also have to create QoS Policies that determine how traffic is handled, and define a QoS Mode for each engine interface.

Figure: Elements in the QoS configuration



Follow these general steps to configure QoS:

  1. (Optional) Create a QoS Class element for each type of traffic that you want to handle differently on any single network interface.
  2. (Optional) Create one or more QoS Policies to define how each type of traffic is handled on the interfaces.
  3. Assign QoS Classes to different types of traffic in your Access rules.
  4. Define the QoS Mode of each interface.
    Note: You can select a QoS Mode and define a bandwidth for traffic in the properties of a Physical, VLAN, ADSL, Tunnel, SSID Interface, or Port Group Interface of an integrated Switch. Each Physical, VLAN, Tunnel, ADSL, SSID, or Port Group Interface has separate QoS settings.

Bandwidth management and traffic prioritization are configured in QoS Policies. The policies contain rules for the bandwidth guarantees, limits, and priorities you want to set for each type of traffic. The QoS Policies do not contain traffic profiles: to define which QoS rule affects which type of traffic, the same QoS Class element is used in QoS Policies and Access rules, to link them.

The QoS Mode for each interface defines how QoS is applied to the interface. By default, No QoS is selected. You can select a QoS Mode and define a bandwidth for traffic in the properties of a Physical, VLAN, ADSL, Tunnel, SSID Interface, or Port Group Interface. You can select different QoS Modes for each interface. It is not mandatory to use QoS on all interfaces of the same engine. QoS is not supported on Capture Interfaces.

There are two ways the QoS Class can be applied to a packet:
  • If traffic contains a DSCP code when entering the engine, and DSCP handling and throttling or full QoS are enabled, the engine checks if the interface has a QoS Policy. If the DSCP Match/Mark tab of the QoS Policy defines a QoS Class match for that code, the selected QoS Class is applied to the traffic.
  • When traffic is inspected against the policy, the traffic might match an Access rule that includes a QoS Class. The QoS Class specified in the QoS Class cell is always applied to the traffic, overwriting any other QoS Class the traffic might have been assigned. Access rules are not needed if you only want to use DSCP handling and throttling.

Using the QoS Class as a matching criterion, the engine checks if the interface that the packet uses to exit the engine has a QoS Policy. If the QoS Policy contains a rule with the same QoS Class defined, the next steps depend on the QoS rules and the current traffic situation. The QoS rule is applied to the connection and packets are dropped, sent directly, or sent into the queue.