Teams QOS

Dear All

I would like to activate QOS for Teams. So I have made a rule in Sophos with DSCP Marking 46 for the ports "80,443,3478-3481_UDP" and as the destination networks I have put so far:
*.lync.com
*.teams.com
teams.microsoft.com

1. Is it allowed to use wildcards in the destination networks?


2. How can I add all the recommended networks easiest? (see ms list below)
As far as I understand I don't just need to add the IPs. I need to provide whole networks with the subnet masks as well and I haven't found a way to do it, except doing it 1:1.

Here the official list from Microsoft:
Office 365 URLs and IP address ranges - Microsoft 365 Enterprise | Microsoft Learn

Or is there a smarter way to solve it?

Thanks



  • SFOS (v19, at least) has Traffic Shaping rules of several types, including Application rules, Firewall rules, User Rules, and something else I forget now. I use the Application-based rules rather than trying to add firewall-rule-based rules. Please search this forum for discussions of setting up Traffic Shaping, as there are multiple steps and places to go and it's easy to think you have it on when you do not.

    In particular -- and I think this is right -- you'd want to:

    1. Go to System Services > Traffic Shaping and make an Applications Shared Guarantee policy (three radio buttons) with the priority you want and the guarantee you want.

    2. Applications > Traffic shaping default and use the filter on Category to find names containing Teams. Edit the appropriate entries to have the traffic shaping policy you created in step 1.

    3. Go to Web > Policies and set up a policy. In my case, I took a policy that I was already using (which had a bunch of apps in a Deny section) and added a section with Allow which had my conferencing apps in it. These apps are the ones I added the policy to in step 2. The idea is that you want to allow them, of course, but given that they are explicitly allowed their traffic shaping policy can be applied.

    4. In the applicable Firewall rule that the traffic will end up going through (which other traffic will probably also go through, you don't have to make a rule just for Traffic Shaping), go down to the Other security features section and under App Control, apply your policy from step 3. And check the box Apply application-based traffic shaping policy.

    Maybe a step here is unnecessary, but it worked for me.
