Usually i'm do FBF based on source ip address only. But may i know whether FBF can do based on below:
b.) AD / User Group
Thanks and appreciate someone feedback
It can do based on Applications(Port number) but not based on Zone or User group. FBF will be applied to Interface where you want to do forwarding so matching interface in filter is not needed. But firewall filter does provide Interface as term to choose. IP address, Protocol, Port, IP options, TCP flags, DSCP are the various filters to match when using firewall filter. You can goto firewall filter and hit ? to get various possible fields to match with.
To add to what has been already answered:
a) FBF on application - You could possibly do it indirectly:
1/ let AppQoS tag Your packets with Forwarding Class
2/ do output FBF based on Forwarding Class.
Obviously, You have to sacrifice a FC per application or group of applications.
Disclaimer - I haven't tested this myself.
Thanks for the feedback. Its look like when i'm use "term 1 from ?" the zone and AD not not have.
Thanks again for your help.