Atul_S
Staff
Article Id 343086
Description This article describes how Class of Service (CoS) helps in traffic prioritization.
Scope FortiGate.
Solution

VLAN Class of Service (vlan_cos) is part of the 802.1p standard. The value shown in the session table refers to the Class of Service (CoS) value assigned to a VLAN (Virtual LAN). This value is related to Quality of Service (QoS) in Ethernet frames and helps prioritize traffic at layer 2 (the Data Link Layer).


This is often used in scenarios where certain types of traffic, such as voice, video, or critical business applications, need to be prioritized over less important traffic.

 

When VLAN tagging is used in a network, each Ethernet frame is tagged with a VLAN ID and a PCP field. The PCP (Priority Code Point) is what determines the vlan_cos value. The vlan_cos tells the switch, router, or firewall what level of priority this traffic should have for forwarding decisions.

 

The traffic prioritization value ranges from 0 to 7 within vlan_cos tagging, where each increment corresponds to the criticality of the given established session.

 

These CoS values generally fall under three categories:

  • Ingress CoS: If traffic is coming into the FortiGate with a VLAN CoS value of 3, it will show as 3/255 in the session table.

 

class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=3/255

 

vlan_cos=0/255 indicates that the traffic has the default, lowest-priority CoS (0): no priority has been assigned, and this is the default value.

 

  • Admin CoS: If the administrator configures a CoS value for outbound traffic, it may display as 11/255 (meaning 8+3) in the session output, but the actual CoS value sent will still be 3. The reason is that FortiGate uses this range to distinguish between admin-configured CoS and ingress CoS, but when the traffic leaves the device, only values between 0 and 7 can be used based on the 802.1p standard.
  • No CoS: If no CoS is applied, the session output will show 255/255, indicating that there is no CoS marking in use.
    class_id=0 ha_id=0 policy_dir=0 tunnel=/ helper=rsh vlan_cos=255/255
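
The decoding rules above, as an added Python example that is not part of the original article or Fortinet code: it pulls vlan_cos fields out of session output and classifies each number. The 8 to 15 admin range is an assumption generalized from the article's 11 = 8+3, both numbers of a pair are decoded by the same rule because the article does not say what the second one denotes, and the function names and sample lines are constructed here.

```python
import re

# Matches the vlan_cos field as it appears in the session output quoted above.
VLAN_COS_RE = re.compile(r"\bvlan_cos=(\d{1,3})/(\d{1,3})\b")


def decode_cos(raw):
    """Classify one number from a vlan_cos pair using the article's rules."""
    if raw == 255:
        # 255 means no CoS marking is in use.
        return {"raw": raw, "source": "none", "pcp": None}
    if 0 <= raw <= 7:
        # 0..7 is the CoS value seen on ingress (0 is the default priority).
        return {"raw": raw, "source": "ingress", "pcp": raw}
    if 8 <= raw <= 15:
        # Assumption: admin-configured values occupy 8..15 (8 + PCP),
        # generalized from the article's "11/255 (meaning 8+3)".
        return {"raw": raw, "source": "admin", "pcp": raw - 8}
    # Anything else is not covered by the article; flag it instead of guessing.
    return {"raw": raw, "source": "unknown", "pcp": None}


def parse_vlan_cos(session_text):
    """Return one (first, second) tuple of decoded values per vlan_cos field."""
    return [
        (decode_cos(int(a)), decode_cos(int(b)))
        for a, b in VLAN_COS_RE.findall(session_text)
    ]


# Constructed sample lines modelled on the session output shown in the article.
SAMPLE = """\
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=3/255
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=11/255
class_id=0 ha_id=0 policy_dir=0 tunnel=/ helper=rsh vlan_cos=255/255
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
"""

if __name__ == "__main__":
    for first, second in parse_vlan_cos(SAMPLE):
        print(f"{first['raw']}/{second['raw']}: "
              f"{first['source']} (wire PCP {first['pcp']}), "
              f"{second['source']} (wire PCP {second['pcp']})")
```

The "pcp" field is the 0 to 7 value that would appear on the wire, so an admin-configured 11 and an ingress 3 both report 3 while keeping their origin distinct.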