I assume all the Cisco is doing in this case is tagging the relevant packets with DSCP tags.
Generally speaking, we should leave those tags alone.
That said, there were some situations in the past where we would strip the DSCP tags.
What I would do to troubleshoot this is to review the relevant traffic as it traverses the gateway, reviewing the DSCP tags as they are received by the gateway and pass through it.
If the Cisco is doing something else to establish a QoS profile, that traffic would have to be allowed separately through the Security Gateway.