Rate Limiting with QoS Policies

To perform policy-based rate limiting, configure and deploy QoS policies to managed devices. Each QoS policy can target multiple devices; each device can have one deployed QoS policy at a time.

Only one person should edit a policy at a time, using a single browser window. If multiple users save the same policy, the last saved changes are retained. For your convenience, the system displays information on who (if anyone) is currently editing each policy. To protect the privacy of your session, a warning appears after 30 minutes of inactivity on the policy editor. After 60 minutes, the system discards your changes.

Procedure

Step 1

Choose Devices > QoS.

Step 2

Click New Policy to create a new QoS policy and, optionally, assign target devices; see Creating a QoS Policy.

You can also Copy (copy icon) or Edit (edit icon) an existing policy.

Step 3

Configure QoS rules; see Configuring QoS Rules and QoS Rule Conditions.

The Rules in the QoS policy editor lists each rule in evaluation order, and displays a summary of the rule conditions and rate limiting configurations. A right-click menu provides rule management options, including moving, enabling, and disabling.

Helpful in larger deployments, you can Filter by Device to display only the rules that affect a specific device or group of devices. You can also search for and within rules; the system matches text you enter in the Search Rules field to rule names and condition values, including objects and object groups.

Note

Properly creating and ordering rules is a complex task, but one that is essential to building an effective deployment. If you do not plan carefully, rules can preempt other rules, require additional licenses, or contain invalid configurations. Icons represent comments, warnings, and errors. If issues exist, click Show Warnings to display a list. For more information, see Best Practices for Access Control Rules.

Step 4

Click Policy Assignments to identify the managed devices targeted by the policy; see Setting Target Devices for a QoS Policy.

If you identified target devices during policy creation, verify your choices.

Step 5

Save the QoS policy.

Step 6

Because this feature must allow some packets to pass, you must configure your system to examine those packets. See Best Practices for Handling Packets That Pass Before Traffic Identification and Specify a Policy to Handle Packets That Pass Before Traffic Identification.

Step 7

Deploy configuration changes.