FortiGate
zromano
Staff
Article Id 352631
Description This article describes how to change the CoS (Class of Service) of traffic passing through the FortiGate.
Scope FortiGate.
Solution

In some cases, it is necessary to modify the CoS for the traffic handled by FortiGate.

For example, in the internal network some sessions can have higher priority to achieve better QoS (Quality of Service). However, when the traffic is sent to the internet, the ISP can block traffic that is not marked as best effort.

 

Class of Service only refers to Layer 2 QoS (Quality of Service).

 

The Class of Service for a session can be viewed in the session table:

 

diagnose sys session list
    [...]
    class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255

 

vlan_cos indicates the CoS for the session. It has two values: the first for the original direction and the second for the reply direction.

Possible values are:

  • 255: This is the default value; the FortiGate will not change the CoS for the session.
  • 0 to 7: CS0 is the lowest priority (best effort), while CS7 is the highest priority. 

 

For example, vlan_cos=0/255 means that the FortiGate changes the CoS of packets matching the session to CS0 in the original direction and leaves the CoS in the reply direction unchanged (255).

Note that for self-originating traffic, the FortiGate will use CS0.

 

The Class of Service can be changed in the firewall policy that matches the session, using the following commands:

 

config firewall policy
    edit <ID>
        set vlan-cos-fwd <value>
        set vlan-cos-rev <value>
    next
end

 

vlan-cos-fwd indicates the original direction, while vlan-cos-rev indicates the reply direction.
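
The following is an added example, not part of the original article or Fortinet's own tooling. It is a Python script that reads saved "diagnose sys session list" output, decodes vlan_cos for both directions, and lists the policy IDs whose sessions do not rewrite the original direction to CS0 (the policies where vlan-cos-fwd may need to be set in the ISP scenario above). The sample text is constructed; the "session info:" separator and the policy_id field are assumed to appear as in typical session-list output.

```python
import re

# Constructed sample modelled on the excerpt in the article. The "session info:"
# separator and the policy_id field are assumptions about the full output.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=12 expire=3590
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
misc=0 policy_id=4 vd=0
session info: proto=17 proto_state=00 duration=3 expire=177
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=255/255
misc=0 policy_id=7 vd=0
session info: proto=6 proto_state=01 duration=40 expire=3560
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=5/0
misc=0 policy_id=9 vd=0
"""

COS_RE = re.compile(r"\bvlan_cos=(\d+)/(\d+)")
POLICY_RE = re.compile(r"\bpolicy_id=(\d+)")

def describe(value):
    """Translate one vlan_cos number into the meaning given in the article."""
    if value == 255:
        return "unchanged"
    if 0 <= value <= 7:
        return f"rewritten to CS{value}"
    raise ValueError(f"unexpected vlan_cos value {value}")

def parse_sessions(text):
    """Return one dict per session: policy_id, fwd (original) and rev (reply) CoS."""
    sessions = []
    for block in text.split("session info:")[1:]:
        cos = COS_RE.search(block)
        if cos is None:
            continue  # block was truncated before the vlan_cos line
        policy = POLICY_RE.search(block)
        pid = int(policy.group(1)) if policy else -1  # -1 when the field is absent
        sessions.append({"policy_id": pid, "fwd": int(cos.group(1)), "rev": int(cos.group(2))})
    return sessions

def not_forced_best_effort(sessions):
    """Policy IDs whose sessions do not rewrite the original direction to CS0."""
    return sorted({s["policy_id"] for s in sessions if s["fwd"] != 0})

if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE)
    for s in parsed:
        print(s["policy_id"], "fwd:", describe(s["fwd"]), "| rev:", describe(s["rev"]))
    print("review vlan-cos-fwd on policies:", not_forced_best_effort(parsed))
```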