Why can traffic be seen in the QoS Real-time Monitoring, under Site Monitoring -> Real Time -> QOS for the selected site, that does not match the expected priority configuration?
For example, traffic that is assigned with QOS priority P30 in the Bandwidth Management window, appears in the Real-time QOS tab as priority P10.
Cato evaluates the network profile per network flow and assigns the priority after the application finalization. The first packets in a flow, before is identified, are assigned with the default priority. This priority is the highest QoS priority that is used in your network rulebase and is used when showing traffic in the Real-Time -> QOS site monitoring window. For example, if the highest priority used by a rule is P10, then the unfinalized flows are assigned with priority P10. Only after Cato inspects and determine the application, the flow is assigned with the configured priority based on your BW Management profiles in the rulebase.
- Unfinalized flows remain with QoS priority P10
- Blocked flows are assigned QoS priority P255
- The amount of the unfinalized traffic is minimal, with flows being finalized after a few packets at most.
- Lower priority profiles in the Bandwidth Management window (Network > Bandwidth Management) that aren't assigned to a network rule are ignored for the purposes of deciding the default priority.
For more information on QoS and Bandwidth Management please view the following documentation:
For more information on Real-time monitoring, please view the following video demonstration: