Define QoS rules in QoS Policy elements

After creating a QoS Policy, add QoS rules to it.

Follow these general guidelines when editing QoS rules:
  • The order of the rules in a QoS Policy does not affect how the NGFW Engine handles traffic, as the match is made based on the QoS Class.
  • If you want to use the same QoS Policy on interfaces that have different types of throughput and use the Full QoS Mode, enter Guarantees and Limits as percentages.
  • If you want to use the QoS Policy on interfaces that use DSCP Handling and Throttling QoS Mode, enter Guarantees and Limits in kilobits per second.
  • Operations are made according to the matching rule in the QoS Policy that is assigned to the interface that the traffic uses to exit the NGFW Engine.
  • The rules do not need to cover all traffic. When Full QoS is used, traffic that is not covered is given a priority of 8 without limits or guarantees.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Policies > QoS Policies.
  3. Right-click the policy you want to edit, then select Edit QoS policy.
  4. Right-click the ID cell of a rule in the QoS Policy, select Add Rule Before or Add Rule After or the ID cell of the Not Classified rule, then select Add Rule.
    A new blank rule is added.
  5. Click the QoS Class cell in the new rule, then select the QoS Class.
  6. Define how the NGFW Engine handles traffic in this QoS Class using any combination of the available options.
    Each one is optional.
  7. Save the QoS Policy.
  8. Refresh the policy to transfer the changes.

QoS Policy Editing view

Use this view to edit a QoS Policy element.

Option Definition
Resources Use this pane to create and add elements to the policy.
Search Opens a search field for the selected element list.
Up (Backspace) Navigates up one level in the navigation hierarchy. Not available at the top level of the navigation hierarchy.
New Opens the associated dialog box to create an element.
Tools Show Deleted Elements — Shows elements that have been moved to the Trash.
Option Definition
Policy Toolbar
Save Saves the changes.
Undo operation Undoes the last change made.
Redo operation Redoes the last change that was undone.
Tools
Expand Rule Sections If you have added Rule Sections, they are expanded.
Collapse Rule Sections If you have added Rule Sections, and they are expanded, they are all collapsed.
Option Definition
QoS tab
ID

An identifier that shows the order of the rules. The number changes as you add, remove, and move rules.

Right-clicking this type of cell opens these menu items:
  • Properties — Opens the Rule Properties dialog box.
  • Cut Rule — Copies the rule to the clipboard and deletes the rule from the policy.
  • Copy Rule — Copies the rule from the policy.
  • Paste — Pastes the rule into the policy.
  • Delete Rule — Deletes the rule from the policy.
  • Disable Rule — Temporarily disables the rule without deleting it.
  • Add Rule Before — Adds the new rule before the selected rule or section.
  • Add Rule After — Adds the new rule after the selected rule or section.
  • Add Rule Section Before — Creates a collapsible section before the selected rule or section.
  • Add Rule Section After — Creates a collapsible section after the selected rule or section.
  • Move Rule Up — Moves the rule position up on the list.
  • Move Rule Down — Moves the rule position down on the list.
QoS Class

A list of the defined QoS Classes, which match the QoS rules to traffic. The QoS Class is assigned to traffic in Access rules or through the DSCP Match cell in the QoS Policy.

Right-clicking this type of cell opens these menu items:
  • Edit QoS Class — Allows you to define the QoS Class.
  • Properties — Opens the element Properties dialog box.
  • Copy — Copies the QoS Class.
  • Rule — Opens a menu of list items for the cell.
  • References — Shows all rules that reference the selected element.
Guarantee

Sets the minimum bandwidth given to this type of traffic under any conditions. The guarantee can be set in kilobits per second or as a percentage of the available bandwidth.

  • Edit Limit — Allows you to edit the cell content.
  • Clear Cell — Removes the cell content.
  • Rule — Opens a menu of list items for the cell.
Limit

Sets the maximum bandwidth that this type of traffic is allowed to consume at any single moment as kilobits per second or as a percentage of the available bandwidth.

  • Edit Limit — Allows you to edit the cell content.
  • Clear Cell — Removes the cell content.
  • Rule — Opens a menu of list items for the cell.
Priority Assigns this type of traffic a number that determines the order in which the NGFW Engine sends packets onwards if there is not enough bandwidth available to send all packets onwards directly, so that packets have to be queued. The priority is a number between 1 (highest priority) and 16 (lowest priority). Higher-priority packets are inserted in the queue ahead of any lower-priority packets already in the queue.
  • Edit Priority — Allows you to edit the cell content.
  • Clear Cell — Removes the cell content.
  • Rule — Opens a menu of list items for the cell.
Weight

The weight of the QoS Class controls the distribution of bandwidth between QoS Classes with the same priority after the Guarantees for the QoS Classes are reached. The weight of the QoS Class is entered as a value from 0 to 100. The relative weight of each QoS Class is displayed in parentheses as a percentage.

  • Edit Weight — Allows you to edit the cell content.
  • Clear Cell — Removes the cell content.
  • Rule — Opens a menu of list items for the cell.
Latency

The average time packets are held in the queue for Active Queue Management (AQM). The NGFW Engine makes a best effort to handle the packets within the specified time, but the Latency value is not a guarantee.

  • Edit Latency — Allows you to edit the cell content.
  • Clear Cell — Removes the cell content.
  • Rule — Opens a menu of list items for the cell.
Comment

An optional free-form comment for your own reference.

Right-clicking this type of cell opens these menu items:
  • Edit Comment — Opens a text area that allows you to edit the comment.
  • Clear Cell — Removes the cell content.
  • Rule — Opens a menu of list items for the cell.
Rule Name
Contains a rule tag and optionally a rule name.
  • Name (Optional) — Name or description for the rule. Displayed alongside the rule tag.
  • Tag (Not editable) — Automatically assigned unique identification for the rule. Works as a link between the log entries and the rule that has generated the log entries. The rule tag consists of two parts (for example, @20.1). The first part of the tag is permanent and belongs to only that rule. The second part changes when the rule is changed. The first part and the second part are separated by a period.
Right-clicking this type of cell opens these menu items:
  • Edit Rule Name — Opens a text area for editing the rule name.
  • Clear Cell — Removes the cell content.

  • Properties — Opens the Rule Properties dialog box.

  • Remaining list items are the same as for the ID cell.
Option Definition
DSCP Match/Mark tab
ID

An identifier that shows the order of the rules. The number changes as you add, remove, and move rules.

Right-clickingthis type of cell opens these menu items:
  • Properties — Opens the Rule Properties dialog box.
  • Cut Rule — Copies the rule to the clipboard and deletes the rule from the policy.
  • Copy Rule — Copies the rule from the policy.
  • Paste — Pastes the rule into the policy.
  • Delete Rule — Deletes the rule from the policy.
  • Disable Rule — Temporarily disables the rule without deleting it.
  • Add Rule Before — Adds the new rule before the selected rule or section.
  • Add Rule After — Adds the new rule after the selected rule or section.
  • Add Rule Section Before — Creates a collapsible section before the selected rule or section.
  • Add Rule Section After — Creates a collapsible section after the selected rule or section.
  • Move Rule Up — Moves the rule position up on the list.
  • Move Rule Down — Moves the rule position down on the list.
QoS Class

A list of the defined QoS Classes, which match the QoS rules to traffic. The QoS Class is assigned to traffic in Access rules or through the DSCP Match cell.

Right-clicking this type of cell opens these menu items:
  • Edit QoS Class — Allows you to define the QoS Class.
  • Properties — Opens the element Properties dialog box.
  • Copy — Copies the QoS Class.
  • Rule — Opens a menu of list items for the cell.
  • References — Shows all rules that reference the selected element.
DSCP Match

Assigns the rule’s QoS Class to traffic when the DSCP code (ToS field) defined in this cell is seen in traffic. The value specified in this cell is the only option that is applied on the interface that the packets use to enter the NGFW Engine.

Right-clicking this type of cell opens these menu items:
  • Edit DSCP Match — Allows you to select a value for the cell.
  • Clear Cell — Removes the cell content.
  • Remaining list items are the same as for the ID cell.
DSCP Mark

Defines the DSCP code (ToS field) that is written to packets that match this DSCP Match/Mark rule when the packets exit the NGFW Engine. The DSCP Mark allows you to communicate the priority of this traffic to other devices that support QoS. You can also use the cell to clear the DSCP classification set by other devices by entering 0 as the value (shown in the policy as 0x00).

Right-clicking this type of cell opens these menu items:
  • Edit DSCP Mark — Allows you to select a value for the cell.
  • Clear Cell — Removes the cell content.
  • Remaining list items are the same as for the ID cell.
Comment

An optional comment for your own reference.

Right-clicking this type of cell opens these menu items:
  • Edit Comment — Opens a text area that allows you to edit the comment.
  • Clear Cell — Removes the cell content.
  • Rule — Opens a menu of list items for the cell.
Rule Name
Contains a rule tag and optionally a rule name.
  • Name (Optional) — Name or description for the rule. Displayed alongside the rule tag.
  • Tag (Not editable) — Automatically assigned unique identification for the rule. Works as a link between the log entries and the rule that has generated the log entries. The rule tag consists of two parts (for example, @20.1). The first part of the tag is permanent and belongs to only that rule. The second part changes when the rule is changed. The first part and the second part are separated by a period.
Right-clicking on this type of cell opens these menu items:
  • Edit Rule Name — Opens a text area that allows you to edit the rule name.
  • Clear Cell — Removes the cell content.
  • Remaining list items are the same as for the ID cell.
Option Definition
General tab
Name The name of the rule.
Rule Tag The rule's tag.
Comment An optional comment for your own reference.
Rule Info tab The rule cells and their values.
History
  • Creator — Shows the administrator who created the rule.
  • Created — Shows the time when the rule was created.
  • Modifier — Shows the administrator who modified the rule.
  • Modified — Shows the time when the rule was modified.
  • Audit History — Opens the Logs view and displays the audit log data for traffic that matches the rule.