We are looking to implement QoS on our Palo Alto device for our voice traffic. We are currently tagging voice traffic with DSCP 46(ef). This is done at the source using Windows group policy to tag all traffic that originates from application "lync.exe". We can see the traffic is definitely being tagged by performing a pcap at different points in the network.
We want to make sure that the Palo Alto firewall is honoring this DSCP marking and prioritizing the traffic over everything else. So a few questions to that end are:
1) Setting the DSCP marking in a security policy, is this only marking the traffic? Is it mandatory for QoS to function since we are already marking the traffic using Windows GPO? I think this isnt required.
2) Does the Palo Alto firewall ONLY prioritize traffic that traverses from one zone to another?
3) Can I use the default QoS profile?