topic Re: Query on QoS in General Topics

Query on QoS

Farzana — Fri, 07 Apr 2017 02:06:22 GMT

Hello,

We would like to configure QoS on PA to give priority to VOIP and video based traffic. The Internet connected to the FW is 100Mbps and the connection between the core switch and PA is 1Gbps.

If I make a QoS profile and I want a guaranteed bandwidth of 25Mbps, but what about max bandwidth? What do I set? 100 Mbps?

If so, when applying this profile to the Egress interfaces, won’t this cause an issue with the 1Gbps link?

Also am I able to just create a profile just for voip and video traffic to give them priority, and the rest of the traffic passes through normally after priority has been given to voip and video? Or do I have to create a profile for the rest of the traffic?

Thanks in advance.

Re: Query on QoS

reaper — Fri, 07 Apr 2017 07:51:05 GMT

Hi @Farzana

please check out this article as it explains QoS in more detail: Getting Started: Quality of Service

Once you activate QoS you'll need to account for all traffic, so you will want to make a few considerations for upload and download: QoS is applied on the egress interface

So this means you will have 2 different profiles used for every flow, any uploads to the internet will match the QoS profile on the external interface while downloads will hit the QoS profile on the trust interface

so consider this example

eth1/1 is untrust

eth1/2 is trust

eth1/3 is dmz

you can also differentiate between source interfaces, so if you want to limit download from the internet (eg eth1/1) but not from your DMZ (eg eth1/3) you can create a 100mbit profile on eth1/2 (trust) for source interface eth1/1 and a 1000mbit one for source interface eth1/3

make sure to use a different class than class4 for you video as class4 is the default for all traffic

hope this helps

Re: Query on QoS

Farzana — Sun, 09 Apr 2017 23:55:23 GMT

Thank you @reaperfor the reply.

So I want to apply QoS prioritisation on video and voice traffic to and from the internal network only. That is from the trust zone to the untrust zone, and between the untrust zone and the trust zone.

I only want to give prioritisation to video and voice, I would like all other traffic to be processed normally, I also do NOT want to shape traffic to or from the DMZ zone.

I understand that I need create two rules one for inbound and one for outbound.

But do I need to create policies for all other traffic? So I don’t set a max egress on the physical interface?

Thanks in advance.

Re: Query on QoS

reaper — Mon, 10 Apr 2017 07:44:39 GMT

Hi @Farzana

by default any sessions that do not match any policy,will be set as class4

So you could use class1 to shape your video/voice and then leave class4 open (no guarantee, no limit)

I would recommend setting a limit to the profile used for the internet so the total bandwidth cannot be exceeded

the DMZ profile can simply be set to a total limit of 1000 and no classes or policies defined (will default to class 4)