Working with QoS Policy

In the Access Policy > QoS Policy page you can manage the QoS default policy and add manual rules if necessary.

The top of the page shows information about these limits:

  • Bandwidth Consuming Applications - Shows the download and upload rates, if you set them in the Access Policy > QoS Blade Control page or Access Policy > Firewall Blade Control page. If you see the disabled link, click it to configure the rates here.

  • Low latency traffic - Shows the maximum percentage of bandwidth that can be reserved for low latency traffic. If you do not set a maximum percentage, traffic that does not require low latency might be starved (might not be handled at all). To change the value, click the percentage link.

You can view the QoS Policy Rule Base on this page. For each rule, you see these fields:

  • No. - Rule number in the QoS policy.

  • Source - Network object that starts the connection.

  • Destination - Network object that completes the connection.

  • Service - Type of network service for which bandwidth is adjusted based on weight, limit, and guarantee.

  • Guarantee/Limit - Lets you set a percentage that limits the bandwidth rate of traffic and/or guarantees the minimum bandwidth for traffic. Another option is to mark the traffic as low latency. This guarantees that it is prioritized accordingly.

  • Weight - The unit used to divide available bandwidth when traffic exceeds the maximum bandwidth configured for the Internet connection. See below.

  • Track - The tracking and logging action that is done when traffic matches the rule.

  • Comment - An optional field that shows a comment if you entered one. For system generated rules of the default policy a Note is shown.

Weight

QoS divides available bandwidth across the QoS policy rules based on weight. Using weights instead of specified percentages lets the QoS engine allocate bandwidth flexibly, based on the traffic that is present at the point when the maximum bandwidth is exceeded. This maximizes the usage of the bandwidth.

For example, in an organization, Web traffic is deemed three times as important as FTP traffic. Rules with these services are assigned weights of 30 and 10 respectively. If the lines are congested, QoS keeps the ratio of bandwidth allocated to Web traffic and FTP traffic at 3 to 1.

You can set options for the default policy or you can manually define rules for the QoS policy. If a rule does not use all of its bandwidth, the leftover bandwidth is divided among the remaining rules, based on their relative weights. In the above example, if only one Web and one FTP connection are active and they compete, the Web connection receives 75% (30/40) of the leftover bandwidth, and the FTP connection receives 25% (10/40) of the leftover bandwidth. If the Web connection closes, the FTP connection receives 100% of the bandwidth.

In the Weight field, enter a value that shows the service's importance relative to other defined services. For example, if you enter a weight of 100 for a service and set 50 for a different service, the first service is allocated twice as much bandwidth as the second when lines are congested.
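The weight arithmetic described above, as an added example that is not the appliance's QoS engine or vendor code. It models the redistribution as weighted max-min sharing and ignores guarantees, limits and low latency marking; the function name, the per-rule demands and the 1000 kbps link are assumptions.

```python
def allocate(capacity_kbps, rules):
    """Share a congested link among rules by relative weight.

    rules maps a rule name to (weight, demand_kbps). Bandwidth that a
    rule does not use is re-divided among the other rules by weight.
    """
    alloc = {name: 0.0 for name in rules}
    # Only rules with a positive weight and live traffic compete.
    active = {n for n, (w, d) in rules.items() if w > 0 and d > 0}
    remaining = float(capacity_kbps)
    while active and remaining > 1e-9:
        total_w = sum(rules[n][0] for n in active)
        share = {n: remaining * rules[n][0] / total_w for n in active}
        # Rules whose unmet demand fits inside their weighted share.
        done = {n for n in active if rules[n][1] - alloc[n] <= share[n]}
        if not done:
            # Every rule wants more than its share: split by weight, stop.
            for n in active:
                alloc[n] += share[n]
            break
        for n in done:
            need = rules[n][1] - alloc[n]
            alloc[n] += need
            remaining -= need
        active -= done
    return alloc


if __name__ == "__main__":
    LINK = 1000  # kbps, constructed value
    # Constructed demands; weights 30 and 10 are the ones used in the text.
    cases = {
        "both congested": {"Web": (30, 2000), "FTP": (10, 2000)},
        "Web closed": {"Web": (30, 0), "FTP": (10, 2000)},
        "Web under-uses": {"Web": (30, 300), "FTP": (10, 2000)},
    }
    for label, rules in cases.items():
        print(label, allocate(LINK, rules))
```

The third case shows the leftover rule: Web needs only 300 kbps of its 750 kbps share, so FTP receives the remaining 700 kbps instead of being held to 250.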

To create a QoS rule:

  1. Click the arrow next to New.

  2. Click one of the available positioning options for the rule: On Top, On Bottom, Above Selected, or Under Selected.

    The Add Rule window opens. It shows the rule fields in two ways:

    • A rule summary sentence with default values.

    • A table with the rule base fields.

  3. Click the links in the rule summary or the table cells to select network objects or options that fill out the rule base fields. See the descriptions above.

    Note - You can set a rule to have a specified guarantee and/or limit, or mark it as low latency traffic. In the latter case, there is a single maximum limit percentage for ALL low latency traffic, which is configured globally. See above.

  4. To match only for encrypted (VPN) traffic, select Match only for encrypted traffic. The Service column shows "encrypted" if selected.

  5. To limit the rule to a specified time range, select Apply only during this time and select the start and end times. Only connections that begin during this time range are inspected.

  6. DiffServ Mark is a way to mark connections so a third party handles them. To mark packets that are given priority on the public network based on their DSCP, select DiffServ Mark (1-63) and select a value. To use this option, your ISP or private WAN must support DiffServ. You can get the DSCP value from your ISP or private WAN administrator.

  7. In the Write a comment field, enter optional text that describes the rule. This is shown as a comment below the rule.

  8. Click Apply.

Note - You can drag and drop rules to change the order of rules in the QoS Rule Base.

To edit a QoS rule:

Note - For Access Policy rules, you can only edit the tracking options for automatically generated rules.

  1. Select a rule and click Edit.

  2. Edit the fields as necessary.

  3. Click Apply.

To delete a QoS rule:

  1. Select a rule and click Delete.

  2. Click Yes in the confirmation message.

To enable or disable a QoS rule:

  • To disable a manually defined rule that you have added to the Rule Base, select the rule and click Disable.

  • To enable a manually defined rule that you have previously disabled, select the rule and click Enable.

To change the QoS rule order:

  1. Select the rule to move.

  2. Drag and drop it to the necessary position.

Note - You can only change the order of manually defined rules.