FTD QoS interface selection best practice

Jack G · ‎02-23-2026

So I created a test rule to limited downloads for anything in the inside zone from outside zone (internet). If I select apply on destination or source interface it basically does the same rate limiting, which I think is ok. Does it really matter which interface I select for such a configuration? Should I use destination interface since it’s the closest to the internet server..?

For source interface objects I’m using inside zone and for destination interface objects I’m using outside zone. Rate is 10mbps up and down.

balaji.bandi · ‎02-24-2026

i select outside zone to inside zone (source interface Outside)

The FMC's quality of service is "policing" (dropping packets), not "shaping" (buffering them). For TCP downloads, this will cause the sender to slow down naturally, but it can be "choppy" for UDP streams like video calls

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jack G · ‎02-24-2026

If you source the outside zone, doesn’t this mean the connection must initiate from the outside for the QoS rule to apply? I suppose that’s ok for rate limiting traffic initiated from the outside.

May above question was an example rate limiting connections initiated from the inside to the outside and discussing which interface to apply the rating limiting on ie source or destination interface.

balaji.bandi · ‎02-24-2026

But when you initiate the connection from inside to outside, the download will be outside to inside, that is the best I can think of to limit.

For a download (Internet Inside), the "Destination Interface" is your Inside Interface. By applying the limit here, you control traffic as it exits the firewall toward your users.

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help