QoS policies deployed to managed devices govern rate limiting. Each QoS policy can target multiple devices; each device can
have one deployed QoS policy at a time.
The system matches traffic to QoS rules in the order you specify. The system rate limits traffic according to the first rule
where all rule conditions match the traffic. Traffic that does not match any of the rules is not rate limited.
Note
The total number of rules including QoS rules on the device cannot exceed 255. When this threshold is reached, a deployment
warning message is displayed. You need to reduce the number of rules for a successful deployment.
You must constrain QoS rules by source or destination (routed) interfaces. The system enforces rate limiting independently on each of those interfaces; you cannot specify an aggregate rate limit for a set of interfaces.
QoS rules can also rate limit traffic by other network characteristics, as well as contextual information such as application,
URL, user identity, and custom Security Group Tags (SGTs).
You can rate limit download and upload traffic independently. The system determines download and upload directions based on
the connection initiator.
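The following is an added example, not code from the product or its documentation: a small Python model of first-match QoS evaluation, with an audit that flags rules an earlier, broader rule makes unreachable. The rule fields, interface names and application names are constructed, and only interface and application conditions are modelled. Treating packets sent by the connection initiator as upload is an assumption.

```python
from dataclasses import dataclass

MAX_DEVICE_RULES = 255  # cap on all rules on the device, QoS rules included


@dataclass(frozen=True)
class QosRule:
    name: str
    interfaces: frozenset            # required interface constraint
    apps: frozenset = frozenset()    # empty set means "any application"
    download_mbps: float = None      # None means no limit in that direction
    upload_mbps: float = None

    def matches(self, interface, app):
        return interface in self.interfaces and (not self.apps or app in self.apps)

    def covers(self, other):
        """True if every flow matched by `other` is also matched by this rule."""
        apps_ok = not self.apps or (bool(other.apps) and other.apps <= self.apps)
        return other.interfaces <= self.interfaces and apps_ok


def rate_limit(rules, interface, app, sender_is_initiator):
    """Return (rule name, Mbps limit) from the first matching rule, or (None, None)."""
    for rule in rules:
        if rule.matches(interface, app):
            # Assumption: packets sent by the initiator count as upload.
            limit = rule.upload_mbps if sender_is_initiator else rule.download_mbps
            return rule.name, limit
    return None, None  # no rule matched: traffic is not rate limited


def shadowed_rules(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


def within_rule_cap(qos_rules, other_rule_count):
    """Check the device-wide cap before deployment."""
    return len(qos_rules) + other_rule_count <= MAX_DEVICE_RULES


# Constructed sample policy; interface and application names are made up.
POLICY = [
    QosRule("limit-inside", frozenset({"inside"}), download_mbps=100, upload_mbps=50),
    QosRule("limit-video", frozenset({"inside"}), frozenset({"video"}), download_mbps=10),
    QosRule("limit-dmz-backup", frozenset({"dmz"}), frozenset({"backup"}), upload_mbps=20),
]
```

In this sample, video traffic on the inside interface is limited by the broad first rule rather than by the stricter video rule, so moving the specific rule above the general one is what makes its limit take effect.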
Note
QoS is not subordinate to a main access control configuration; you configure QoS
independently. However, the access control and QoS policies deployed to the same
device share identity configurations; see Associating Other Policies with Access Control.
QoS Policies and Multitenancy
In a multidomain deployment, the system displays policies created in the current domain, which you can edit. It also displays
policies created in ancestor domains, which you cannot edit. To view and edit policies created in a lower domain, switch to
that domain.
Administrators in ancestor domains
can deploy the same QoS policy to devices in different descendant domains.
Administrators in those descendant domains can use this read-only ancestor-deployed
QoS policy, or replace it with a local policy.