Hi @Netzer ,
I can think of two different reasons:
1. Class 4 is always used for any traffic that does not match any of the QoS policy rules.
2. You are using application with service "any" as matching criteria for QoS policy rules
As you can also see at the bottom when creating QoS profile. All traffic that is not explicetly tagged will use class 4
So I am guessing that even in lab environment wher there is not lot of traffic, there is still some background noise generated by the Windows hosts. All those traffic will not match any of your QoS Policy rules, so therefor it will be tagged with Class 4
In order to detect the application, firewall will need to forward first couple of packets in order to gather enough information to properly identify the application. When you set the rule to use "any service port", this rule will match any traffic, until the application is identified. Since your rule for tagging with class 4 is at the top it will always be hit first, until the application is identified, so first couple of packets for each new session will be tagged with class 4.
I would suggest to make the following changes.
- Use different class instead of class 4, this way you will not mix your test traffic with the background noise
- Set service ports as "application-default" for both QoS Policy rules.
I am curious with your current setup, while you running the test traffic (rdp or transfering files)
- What is shown under tap Application, QoS Rules, above the graph from your screenshot?
- What is shown after the changes I propsed?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!