Re: Working example is set-tos needed
Looks like they changed QoS again with 6.2 (last time was 5.4). I need to read the documentation through again and more importantly test it before upgrading our entire FGT fleet and new deployment to 6.2. Thank you for a wakeup call.
At this moment, my guess is similar to yours but if I want to match those all 6 bits in the tos byte, like 0xb8 (101110xx), I would use tos-mask 0xfc (11111100). But I might be completely wrong.
I strongly recommend you open a ticket with TAC to get the right answer, including other part of QoS operation w/ 6.2.
We probably wouldn't need to use this DSCP matching unless they eliminated the system level DSCP mapping. But who knows. We'll likely open multiple tickets ourselves to figure them out.