topic Re: FTD QoS interface selection best practice in Network Security

FTD QoS interface selection best practice

Jack G — Tue, 24 Feb 2026 00:20:20 GMT

So I created a test rule to limited downloads for anything in the inside zone from outside zone (internet). If I select apply on destination or source interface it basically does the same rate limiting, which I think is ok. Does it really matter which interface I select for such a configuration? Should I use destination interface since it’s the closest to the internet server..?

For source interface objects I’m using inside zone and for destination interface objects I’m using outside zone. Rate is 10mbps up and down.

Re: FTD QoS interface selection best practice

balaji.bandi — Tue, 24 Feb 2026 08:08:12 GMT

i select outside zone to inside zone (source interface Outside)

The FMC's quality of service is "policing" (dropping packets), not "shaping" (buffering them). For TCP downloads, this will cause the sender to slow down naturally, but it can be "choppy" for UDP streams like video calls

Re: FTD QoS interface selection best practice

Jack G — Tue, 24 Feb 2026 13:50:43 GMT

If you source the outside zone, doesn’t this mean the connection must initiate from the outside for the QoS rule to apply? I suppose that’s ok for rate limiting traffic initiated from the outside.

May above question was an example rate limiting connections initiated from the inside to the outside and discussing which interface to apply the rating limiting on ie source or destination interface.

Re: FTD QoS interface selection best practice

balaji.bandi — Tue, 24 Feb 2026 15:53:27 GMT

But when you initiate the connection from inside to outside, the download will be outside to inside, that is the best I can think of to limit.

For a download (Internet Inside), the "Destination Interface" is your Inside Interface. By applying the limit here, you control traffic as it exits the firewall toward your users.