QOS is something I am looking to start using for a few things but I just had a couple of questions about it.
So firstly, I can set a QOS rule and assign a class. I know I can create profiles on the class, but lets just say I use the default classes that are setup. If I create a rule saying that a particular range of IP's going through my internet connection have a class 8 for skype this should then limit the bandwidth they can use for this application correct?
Also, do I have to setup a rule for all other traffic or if not then what class does all other non specified traffic go on?
And lastly. The QOS profile needs to be applied to the interface the traffic will be coming in on or going out on?
Thanks in advance
Yes you are correct about skype but interface which is applied for QOS should be correct.
Default class is 4, so Traffic that does not match a QoS policy is assigned a default class 4.
Bandwidth is enforced on the egress interfaces on all PAN-OS platforms
You can read details about Qos QoS in PAN-OS 4.1
Is that still applicable for PAN-OS 5?
And sorry, are you saying just applying to the interface the traffic is going out on? Or does that not matter so much just as long as it is applied to one of those interfaces?
qos is implemented on egress interface only,
so if you have a LAN ans WAN interface for an easy example we can say
enable and use QOS profiles for WAN interface, you will limit upload traffic
for LAN interface, you will limit download traffic.
QoS is handled on egress interfaces. So, if you want to limit your outbound Skype traffic, you would create a QoS policy and apply it to your firewall's WAN interface. If you want to limit your inbound Skype traffic, then you would create a QoS policy and apply it to your firewall's LAN interface.
So if I do it on my Wan interface then I will need to set a QoS profile for each tunnel on that interface correct? At least that is what it seems to suggest when I tried it
if you are limiting traffic on the tunnel interface then yes, other wise for normal WAN traffic going out configure the QoS on the untrust/WAN interface of the PA.
Thanks for the explantion. I have another related question.
I have the following setup and want to limit traffic from VLAn 3779 to the Internet VLAN 3662 and the other way round. How must I do this? The problem is that I can configure QOS only on interface1/8 and not on subinterfaces. Thanks for your help.
This feature is not yet implemented on PAN OS. Please refer thread Re: QoS on Tagged VLAN Sub-interface
Subject: Sub-interface based QoS on PA-5000
FR ID: 1768
Subject: QoS Bandwidth Policing
FR ID: 2475
Please send your request to your SE as they have more insight on it and can vote on behalf of you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!