https://live.paloaltonetworks.com/t5/general-topics/qos-max-egress-no-effect/m-p/467192#M102766 <P>Thx for the hint. I changed the QoS rule from class 4 to 5, even then the values were strange, App and QoS rules pointing to the right traffic.</P><P>After using iperf to generate multiple sessions the values of the queues showed the expected behaviour.</P><P>&nbsp;</P> Mon, 21 Feb 2022 12:12:58 GMT Netzer 2022-02-21T12:12:58Z https://live.paloaltonetworks.com/t5/general-topics/qos-max-egress-no-effect/m-p/466144#M102655 <P>Hi there,</P><P>&nbsp;</P><P>I'm playing with QoS in our lab. I have a simple setup with two queue, first for SMB traffic, second for RDP traffic.</P><P>The max egress value is set, but when I transfer data, then both queues get bandwith values.</P><P>&nbsp;</P><P>What I am doing wrong here?</P><P>&nbsp;</P><P>&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PA QoS Monitor.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39174i57F25DB4A66933DA/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA QoS Monitor.png" alt="PA QoS Monitor.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="PA QoS Profile.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39171i9CE8322C73001E1C/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA QoS Profile.png" alt="PA QoS Profile.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="PA QoS Policies.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39172iCE6611BB909FF12C/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="PA QoS Policies.png" alt="PA QoS Policies.png" /></span></P><P>&nbsp;</P> Wed, 16 Feb 2022 11:16:58 GMT https://live.paloaltonetworks.com/t5/general-topics/qos-max-egress-no-effect/m-p/466144#M102655 Netzer 2022-02-16T11:16:58Z https://live.paloaltonetworks.com/t5/general-topics/qos-max-egress-no-effect/m-p/466933#M102734 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/130557">@Netzer</a> ,</P> <P>I can think of two different reasons:</P> <P>1. Class 4 is always used for any traffic that does not match any of the QoS policy rules.</P> <P>2. You are using application&nbsp; with service "any" as matching criteria for QoS policy rules</P> <P>&nbsp;</P> <P>Number One:</P> <P>As you can also see at the bottom when creating QoS profile. All traffic that is not explicetly tagged will use class 4</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Astardzhiev_0-1645219003476.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39213i0197AA97E9AD3FE1/image-size/medium?v=v2&amp;px=400" role="button" title="Astardzhiev_0-1645219003476.png" alt="Astardzhiev_0-1645219003476.png" /></span></P> <P>So I am guessing that even in lab environment wher there is not lot of traffic, there is still some background noise generated by the Windows hosts. All those traffic will not match any of your QoS Policy rules, so therefor it will be tagged with Class 4</P> <P>&nbsp;</P> <P>Number Two:</P> <P>In order to detect the application, firewall will need to forward first couple of packets in order to gather enough information to properly identify the application. When you set the rule to use "any service port", this rule will match any traffic, until the application is identified. Since your rule for tagging with class 4 is at the top it will always be hit first, until the application is identified, so first couple of packets for each new session will be tagged with class 4. </P> <P>&nbsp;</P> <P>I would suggest to make the following changes.</P> <P>- Use different class instead of class 4, this way you will not mix your test traffic with the background noise</P> <P>- Set service ports as "application-default" for both QoS Policy rules.</P> <P>&nbsp;</P> <P>I am <SPAN>curious with your current setup, while you running the test traffic (rdp or transfering files)</SPAN></P> <P><SPAN>- What is shown under tap Application, QoS Rules, above the graph from your screenshot?</SPAN></P> <P><SPAN>- What is shown after the changes I propsed?</SPAN></P> Fri, 18 Feb 2022 21:35:16 GMT https://live.paloaltonetworks.com/t5/general-topics/qos-max-egress-no-effect/m-p/466933#M102734 aleksandar.astardzhiev 2022-02-18T21:35:16Z https://live.paloaltonetworks.com/t5/general-topics/qos-max-egress-no-effect/m-p/467192#M102766 <P>Thx for the hint. I changed the QoS rule from class 4 to 5, even then the values were strange, App and QoS rules pointing to the right traffic.</P><P>After using iperf to generate multiple sessions the values of the queues showed the expected behaviour.</P><P>&nbsp;</P> Mon, 21 Feb 2022 12:12:58 GMT https://live.paloaltonetworks.com/t5/general-topics/qos-max-egress-no-effect/m-p/467192#M102766 Netzer 2022-02-21T12:12:58Z