Application control QoS rules stop working till reboot

Question

Hi, I have a firewall policy for clientless users that applies QoS to each user but at the same time have a policy to throttle youtube traffic. The problem is that everything works correctly for about 24 hours and then when I wake up in the morning, the application control part stops working. Disabling/enabling firewall policy doesn't work. If I reboot the firewall, everything works again. 
 The firewall keeps categorizing the apps correctly so that is not the problem. How can I restart the QoS daemon without restarting XG? 
 Here is the firewall policy 
 
 Here is when the QoS is working correctly with traffic shaping policy 25 (application control) 
 
 This is when it stops working and defaults to the user based QoS policy 
 
 Any hints??? 
 Regards Bill

sachingurung · Answer

Hi Bill, 
 Now that is interesting to see that the user traffic holds policy ID 25 in the first screenshot while the policy ID changes to 21 in the second screenshot. What I would really like to see here is a screenshot fo the FW rules. Check #1 in the guide here and do packet-capture, let us know which FW rule forwards the clientless user traffic; one when the TS policy works as defined and the next capture should be for the time when the TS policy stops working and takes on Policy ID 21. I want to check if the FW rule ID changes after 24 hours. 
 Also check Note A in the guide. Make sure the Clientless user based FW rule is on the top and explicitly defined for the clientless user. 
 Thanks

sachingurung · Answer

Hi, 
 Yes, I know that they are TS policies and not FW rule Policies. According to the technical architecture, TS policy applied in the FW rule i.e., policy ID 25 has a higher priority than ID 21. Hence, the traffic should not be shaped through policy 21 and should not be defined in the clientless user object unless explicit TS has to be configured on individual users; not defined globally via the FW rule. Please remove the TS policy from the User object. 
 Thanks