Skip to main content
Versa Networks

Configure QoS Policies and Rules

  1. Last updated
  2. Save as PDF

Versa-logo-release-icon.pngFor supported software information, click here.

To add QoS policies and rules, you first create an application policy to classify incoming traffic based on match criteria, such as application, source IP address, destination IP address, and incoming zone. Then, you specify the action to take when traffic matches the configured criteria.

QoS policies and rules belong to the Application subprofile type. To provide flexibility, you can attach one or more QoS policies to an Application subprofile, which allows you to create a group of QoS tools with different rules to reuse in different QoS subprofiles. You can add a QoS policy to an existing Application subprofile, or you can add it when you create a new subprofile. For more information, see Create a New Subprofile. You can add a QoS policy as a profile element that can then be used in one or more Application subprofiles. For more information, see Add New Application Elements.

You can build reusable application policies by navigating to the Policies > Application > QoS folder. You can also build policies and rules inline. These inline rules apply only to the policies currently being configured. You cannot reuse them in other subprofiles until you add them to the reusable Subprofiles folder by clicking the ellipsis to the right of Next and then selecting Save As.

save-as.png

Add a QoS Policy to an Existing Application Subprofile

  1. Go to Configure > Secure SD-WAN > Profiles > Sub Profiles > Application.

    qos-application-menu.png

    The screen displays the existing Application profiles.

    qos-profile-application-home.png
  2. To add a QoS policy, click an application subprofile (Application-SP in the screenshot above), or click the elipsis-icon.png Ellipsis icon, and then click the edit-icon.png Edit icon in the popup menu. The Edit Application Subprofile screen displays.

    qos-edit-app-subprofile-general.png
     
  3. Select the Policy tab, and then click + Policy.

    qos-edit-app-subprofile-policy-tab.png
     
  4. In the popup menu, select QoS. To create a new policy, click Create New Policy. To use an existing policy, click Choose Existing, and then select a policy from the list.

    qos-edit-app-subprofile-policy-create-new.png

    The Add QoS Policy screen displays, and Step 1, Rules is selected.

    add-qos-policy.png
     
  5. To change the columns displayed on the screen, click the Select Columns down arrow, and then select or deselect columns to choose the ones you want to display. To restore the default column settings, click Reset.

    add-qos-policy-select-columns.png
  6. In the Add QoS Policy screen, click Add Rule. The following screen displays.

    add-qos-policy-add-rule.png
  7. To create a new rule for the application policy, continue to Step 8. To add an existing rule:
    1. Click Add Existing Rule. The Add Existing QoS Rules screen displays the existing QoS rules.

      add-qos-policy-exisitng-qos-rules.png
    2. Select one or more rules. The selected rules move to the QoS Rules Selected pane.

      add-qos-policy-exisitng-qos-rules-selected.png
    3. To view the configuration elements for a selected rule, click the down arrow next to the rule, and then select a category to display the configuration elements for that category:
      • Applications or URLs
      • Classification
      • Network Layer 3-4
      • Variable Types
    4. Click Add Rules to add the QoS rules to the application policy.
  8. To create a new rule for the application policy, select Create Rule only for this Policy. The Add QoS Rule screen displays, and the Step 1, Applications & URLs and the Applications > Application Group tab is selected.

    add-qos-rule-app-urls.png
     
  9. On the Applications tab, you can select specific applications, application groups, or application categories to include in the match criteria. All applications are included by default. You can use this screen to customize which applications to include in the match criteria.
    • To select application groups for the rule to match, on the Applications > Application Group tab, click the group category (User Defined Application Groups or Predefined Application Groups), and then select the application groups for the rule to match. You can also use the Search bar to find specific application groups.

      add-qos-rule-app-urls-app-group.png
    • To select applications for the rule to match, select the Applications > Applications tab, click the group category (User-Defined Applications or Predefined Applications), and then select the applications. You can also use the Search bar to find specific applications.

      add-qos-rule-app-urls-app-application.png
    • To select predefined application categories for the rule to match, select the Applications > Application Category tab, and then select one or more predefined application categories. You can also use the Search bar to find specific application categories.

      add-qos-rule-app-urls-app-category.png
  10. Select the URL Categories and Reputations tab. The following screen displays.

    add-qos-rule-app-urls-url-category.png
     
  11. In the URL Categories field, click the down arrow, and then select one or more URL categories for the rule to match.
  12. In the Reputations field, click the down arrow, and then select one or more reputations to include in the rule:
    • High risk
    • Low risk
    • Moderate risk
    • Suspicious
    • Trustworthy
    • Undefined
  13. Click Next or select Step 2, Users & Groups.

    add-qos-rule-users-groups-step.png
     
  14. Select the user type to match with the QoS policy:
    • All Users
    • Known Users
    • Selected Users
    • Unknown Users
  15. To add an existing user group, click Selected Users and click the name of one or more user groups (Group in the screenshot below).

    qos-rule-users-groups-group.png
  16. To add a new user group, click + Add New User Group. The following screen displays.

    users-groups-add.png
    1. Enter a user group name and a distinguished name (DN).
    2. Click Add.
  17. Select the Users tab. To add existing users, click Selected Users, and then click the name of one or more users.

    qos-rule-users-groups-users.png
  18. To add a new user, click + Add New User. The following screen displays.

    qos-rule-users-groups-add-user.png
    1. Enter a user name and a work email address.
    2. Click Add.
  19. Click Next or select Step 3, Source & Destination Traffic. The following screen displays. By default, all source and destination traffic is included in the match criteria. You can use this screen to customize the source and destination traffic to include in the match criteria.

    qos-rule-src-dst-traffic-src-tab.png
  20. To customize the source traffic, on the Source Address tab, use one of the following methods:
    • To specify source addresses to include in the match criteria, continue with Step 21.
    • To specify source addresses to exclude from the match criteria, select Negate Source Address to match all source addresses except the source addresses that you specify, and then continue with Step 21.
  21. To specify a source address to include or exclude in the match criteria, you can select a source address from the list or use the search box to find a source address. To create a variable for the source address, click + Add Variable to the right of the source address list. Enter a name for the variable, click the add-icon.png Plus icon, and then click Add. You can add multiple variables.

    qos-rule-src-dst-traffic-add-variable.png
    You can also enter values for the fields IP Address or IP Range, IP Subnet, or IP Wildcard as part of the match criteria. To create variables for these values, click + Add Variable for that field.
    • To add a variable for the IP address or IP range, select IPv4 Address, IPv4 Range, or IPv6 Address from the drop-down list, click the add-icon.png Plus icon, and then click Add. You can add multiple variables.

      qos-rule-src-dst-traffic-add-variable-ipaddress.png
    • To add a variable for the IP subnet, select IP Subnet or IPv6 Subnet, click the add-icon.png Plus icon, and then click Add. You can add multiple variables.

      qos-rule-src-dst-traffic-add-variable-ipsubnet.png
    • To add a variable for the IP wildcard, enter a name for the variable, click the add-icon.png Plus icon, and then click Add. You can add multiple variables.

      qos-rule-src-dst-traffic-add-variable-ipwildcard.png
  22. Click the Destination Address tab. The following screen displays.

    qos-rule-src-dst-traffic-dst-tab.png
  23. To customize the destination traffic, use one of the following methods:
    • To specify destination addresses to include in the match criteria, continue to Step 24 to select addresses.
    • To specify destination addresses to exclude from the match criteria, select Negate Source Address to match all destination addresses except the addresses that you specify, and then continue to Step 24 to select addresses.
  24. To specify a destination address to include or exclude in the match criteria, you can select a destination address from the list or use the search box to find a destination address. To create a variable for the destination address, click + Add Variable to the right of the destination address list. You can also enter values for the fields IP Address or IP range, IP Subnet, or IP Wildcard as part of the match criteria. To create variables for these values, click + Add Variable for that field. For more information on adding variables, see step 21.
  25. Select the Source Zone and Sites tab. The following screen displays. All source zones and source sites are included in the match criteria by default. To customize the source zones and source sites to be included in the match criteria, enter information for the following fields.

    qos-rule-src-dst-traffic-src-zones-sites-tab.png
     
    Field Description
    Source Zones

    Click the down arrow, and then select one or more zones. To create a variable for the source zone, click add-blue-icon.png Add Variable.
    Source Sites

    Click the down arrow, and then select one or more sites. To create a variable for the source zone, click add-blue-icon.png Add Variable.
  26. Select the Destination Zone and Sites tab. By default, all destination zones and destination sites are included in the match criteria. To customize the destination zones and destination sites to be included in the match criteria, enter information for the following fields.

    qos-rule-src-dst-traffic-dst-zones-sites-tab.png
     
    Field Description
    Destination Zones

    Click the down arrow, and then select one or more zones. To create a variable for the source zone, click add-blue-icon.png Add Variable.
    Destination Sites

    Click the down arrow, and then select one or more sites. To create a variable for the source zone, click add-blue-icon.png Add Variable.
  27. Click Next or select Step 4, Service & DSCP. The following screen displays. All services, service groups, and differentiated services code points (DSCPs) are included in the match criteria by default. On this screen you can specify the services, service groups, and DSCPs to include in the match criteria.

    qos-rule-service-dscp-tab.png
  28. To specify the services to include, do one or both of the following:
    • In the search box under Services, enter the service name.
    • Select one or more services from the list below the search box. Click All Services to select a category to filter the list:
      • Predefined
      • User Defined
  29. Select the Service Groups tab, then select the service group to which you want to apply security access control rules. You can select User-Defined, Predefined, or both. Click the toggle-expand-icon.png Toggle Row Expand icon next to the service group name to view the details for each service group.

    qos-rule-service-dscp-service-groups-tab.png
  30. Select one or more service groups to include in the match criteria. The service groups are added to the Services list.
  31. Select the DSCP tab. All DSCP decimal values are included by default. You can specify which DSCP decimal values to include in the match criteria.

    qos-rule-service-dscp-dscp-tab.png
  32. Select one or more DSCP decimal values, or use search to locate one or more values.
  33. Click Next to go to Step 5, Classification. In the Classification field, select a classification criteria to classify the traffic. The list shows the classifications defined in the Profile Elements > Elements > QoS > Classification folder of reusable objects. For information about configuring QoS classifications, see Configure QoS Classification Elements.

    qos-rule-classification-tab.png
  34. Click Next to go to Step 6, Permissions, and revise the permissions, if needed.

    qos-rule-permissions-tab.png
     
  35. Click Next to go to Step 7, Review and Submit and then enter information for the following fields.

    qos-rule-review-submit-tab.png
     
    Field Description
    General (Group of Fields)
    • Name
    		 Enter a name or the rule.
    • Description
    		 Enter a description for the rule.
    • Tags
    		 Enter one or more tags. A tag is an alphanumeric text descriptor with no spaces or special characters. You can specify multiple tags added for the same object. The tags are used for searching the objects.
    • Schedule
    		 Select a schedule to set the time and frequency at which the rule is in effect.
    • Rule Enabled
    		 Click to disable the rule once it is saved. By default, the rule is enabled.
  36. Review the selected settings. Click the edit-blue-icon.png Edit icon to change a setting, as needed.
  37. Click Save to save the rule.
  38. In the Add QoS Policy screen, click Step 2, Permissions. The following screen displays.

    add-qos-policy-permissions.png
     
  39. To change the permissions for a role, select Edit, Hide, or Read in the Permissions column.
  40. Click Next to go to Step 3, Review and Submit.

    add-qos-policy-review-submit.png
     
  41. In the General box, enter a name for the QoS policy, and optionally enter a text description for the policy and one or more tags. A tag is an alphanumeric text descriptor with no spaces or special characters. You can specify multiple tags added for the same object. The tags are used for searching the objects.
  42. Review the settings you have selected. Click the edit-blue-icon.png Edit icon to change a setting, as needed.
  43. Click Save to create the QoS policy.

Note that you can create QoS policy rules in the Profile Elements also, in two places:

  • To create a QoS rule in the Profile Elements > Policies > Application folder, click QoS and then follow step 6 through step 43, above.

    configure-profile-elements-policies-application-left-nav-border.png
  • To create a QoS rule in the Profile Elements > Rules > Application folder, click QoS and then follow Step 8 through 37, above.

    configure-profile-elements-rules-application-left-nav-border.png

Attach QoS Policies to a Basic Master Profile

After you create a QoS policy, you can attach it to a basic master profile.

To attach QoS policies to a basic master profile:

  1. Go to Configure > Secure SD-WAN > Profiles > Master Profiles > Basic.

    sdwan-profiles-basic-menu.png

    The screen displays the configured basic master profiles.

    sdwan-master-profiles-default-basic.png
  2. Click the master profile to which you want to attach the QoS policy. The Edit Master Profile screen displays.
  3. Select the Profile > Application tab. Click +Policy, click the down arrow and select QoS, and then select Choose Existing.

    sdwan-edit-master-profiles-application-tab.png
  4. In the Choose Policies screen, select the QoS policy from the list, and then click Add.

    sdwan-edit-master-profiles-application-choose-policies.png

    The Edit Master Profile screen displays the QoS policies added.

    sdwan-edit-master-profiles-application-added-policies.png

Supported Software Information

Releases 10.2.1 and later support all content described in this article, except:

  • Release 12.1.1 adds support for the Negate Source Address and Negate Destination Address options when configuring a QoS rule.