How to apply QOS on the Incoming traffic from Tunnel interface ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to apply QOS on the Incoming traffic from Tunnel interface ?

L3 Networker

Hi Team,

 

How to apply QOS on VPN tunnel ingress interface ? Please helps us

 

Regards

Mohammed Asik

 

 

5 REPLIES 5

Cyber Elite
Cyber Elite

Hello,

QoS is only applied to the egress interface.

 

https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/quality-of-service/configure-qos.html

 

Just create your QoS profiles and policies and apply them to the egress traffic interfaces.

 

Regards,

Hi Otakar,

 

Thanks for your replying on my query. Still i do have some more queries on this regards, while i am surfing some of the notes related for applying QOS Traffic i found that we can able to restrict the traffic seperately on both Uploading and Downloading traffic based on the traffic flows in the Firewall.

 

In the mentioned link i can understand that, We are able to apply the QOS for both Uploading and Downloading Traffic. 

(Link: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/quality-of-service/qos-egress-interface)

 

I do agree on your point that, QOS is only applicable for the Egress Traffic. So it means the traffic which is sending away from each port in the firewall.

 

In my scenario, we are having 22 s2s vpn tuunels which is destinated in my wan interface.

we have configured the bandwidth restriction of 2MB on wan interface and egress traffic is woking as expected.

 

My concern is, I want to restrict the tunnel traffic as 2MB which is enter through ? Is it possible ?

 

If possible how can we achieve this ? Please suggest us..

 

Thanking you in advance ..

 

Regards

Mohammed Asik

Hello,

Yes but the QoS policy has to be applied to the egress interface.

 

Regards,

Hi otakar

 

Yes i agree with your point.

 

In my environment LAN interface is the egress interface.  I have binded the 10 sub-interfaces in LAN interface

 

If i apply QOS on LAN interface, will it apply on the all sub-interface ?

 

If yes, How can i apply QOS profile in my lan interface alone ?

 

Regards

Mohammed Asik

To apply qos for incoming traffic from IPSEC tunnel you need to create appropriate QOS profile and apply it on eth1/1 ( untrust ) interface under tunneled traffic , select appropriate  tunnel interface  and QOS Profile.

 

Screenshot shown below.

 

MandarKulkarni_0-1591559991986.png

 

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |
  • 9628 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!