Created on
04-01-2022
02:36 AM
Edited on
03-16-2025
01:35 PM
By
Stephen_G
Description
This article describes how to traffic shape or prioritize traffic locally originating traffic using ToS or DSCP.
Scope
FortiGate.
Solution
There are two types of traffic mapping: Type of Service (ToS) or DSCP (Differentiated Services Code Point).
Only one method can be used at a time, with ToS set as the default method.
The type used and attributes can be set in the CLI.
To set ToS or DSCP traffic mapping:
config system global
set traffic-priority {tos | dscp} <- Default value TOS.
set traffic-priority-level {low | medium | high} <- Default value High.
end
This means, by default, the local traffic will always have the highest priority.
Mapping of DSCP and ToS hexadecimal values for QoS.
Service Class | DSCP Class |
DSCP Bits | DSCP Value | ToS Value | ToS Hexidecimal |
Network Control | cs7 | 111000 | 56-63 | 224 | 0xE0 |
Internetwork Control | cs6 | 110000 | 48-55 | 192 | 0xC0 |
Critical - Voice Data (RTP) | ef | 101110 | 46 | 184 | 0xB8 |
cs5 | 101000 | 40 | 160 | 0xA0 | |
Flash Override Video Data | af43 | 100110 | 38 | 152 | 0x98 |
af42 | 100100 | 36 | 144 | 0x90 | |
af41 | 100010 | 34 | 136 | 0x88 | |
cs4 | 100000 | 32 | 128 | 0x80 | |
Flash Voice Control | af33 | 011110 | 30 | 120 | 0x78 |
af32 | 011100 | 28 | 112 | 0x70 | |
af31 | 011010 | 26 | 104 | 0x68 | |
cs3 | 011000 | 24 | 96 | 0x60 | |
Immediate Deterministic (SNA) | af23 | 010110 | 22 | 88 | 0x58 |
af22 | 010100 | 20 | 80 | 0x50 | |
af21 | 010010 | 18 | 72 | 0x48 | |
cs2 | 010000 | 16 | 64 | 0x40 | |
Priority Controlled Load | af13 | 001110 | 14 | 56 | 0x38 |
af12 | 001100 | 12 | 48 | 0x30 | |
af11 | 001010 | 10 | 40 | 0x28 | |
cs1 | 001000 | 8 | 32 | 0x20 | |
Routine - Penalty Box | 000010 | 2 | 8 | 0x08 | |
Routine - Best Effort | 000000 | 0 | 0 | 0x00 |
In earlier versions of FortiOS v6.4, v7.0, and v7.2, the above commands were the only ones that could be used to change traffic priority.
Starting FortiOS v7.4+ supports DSCP and VLAN CoS marking for both local-in and local-out traffic. See the documentation for this.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.