Let's say you have an interface for untrust zone, another for trust zone, a third for wifi, and a fourth for DMZ. Seems you want to be able to use QoS on all interfaces but not mess with DMZ.

The process is to set up QoS on each interface with no limitations, so it functions as a monitor. Then use the QoS levels as buckets to hold your apps (see below). Finally, apply the actual caps to the QoS profile. There are a couple of very good articles describing in detail how to set up QoS. Here is a quick summary of what I would do in your situation:

First define QoS profiles for each zone, with a max set to 1000, and define the levels such that each has a guaranteed min of .01 & max of 1000. This setup allows you to begin monitoring the traffic on each interface. Once you apply each named policy to each interface (Trust-profile to Trust interface, etc.), you'll notice that all the traffic is in the default level 4.

The next step is to actually control the traffic. So set levels 1-3 as bogus stuff, and levels 5 & above as time-sensitive and critical. Leave Level 4 alone, since that is your normal business traffic and catch-all. For example, level 1 can be reserved for "games" and the highest level for "VoIP". Using just this simple QoS profile example, apply it to the Trust Interface and monitor QoS in the Network tab. You'll see the actual usage of these apps that you defined for each level. Once you understand what bandwidth the applications are actually using, go back to the profile and in the corresponding level, set a max limit for the bandwidth.

By defining separate QoS profiles for each interface, you can monitor them all, with minimal configuration. Customize the profile assigned to the interface you want to manage, and you can actually control the traffic.