Question on QOS

Reply
L3 Networker

Question on QOS

QOS is something I am looking to start using for a few things but I just had a couple of questions about it.

So firstly, I can set a QOS rule and assign a class. I know I can create profiles on the class, but lets just say I use the default classes that are setup. If I create a rule saying that a particular range of IP's going through my internet connection have a class 8 for skype this should then limit the bandwidth they can use for this application correct?

Also, do I have to setup a rule for all other traffic or if not then what class does all other non specified traffic go on?

And lastly. The QOS profile needs to be applied to the interface the traffic will be coming in on or going out on?

Thanks in advance

L6 Presenter

Re: Question on QOS

Hi,

Yes you are correct about skype but interface which is applied for QOS should be correct.

Default class is 4, so Traffic that does not match a QoS policy is assigned a default class 4.

Bandwidth is enforced on the egress interfaces on all PAN-­OS platforms

You can read details about Qos QoS in PAN-OS 4.1

L3 Networker

Re: Question on QOS

Is that still applicable for PAN-OS 5?

And sorry, are you saying just applying to the interface the traffic is going out on? Or does that not matter so much just as long as it is applied to one of those interfaces?

L6 Presenter

Re: Question on QOS

qos is implemented on egress interface only,

so if you have a LAN ans WAN interface for an easy example we can say

enable and use QOS profiles for WAN interface, you will limit upload traffic

for LAN interface, you will limit download traffic.

L7 Applicator

Re: Question on QOS

QoS is handled on egress interfaces.  So, if you want to limit your outbound Skype traffic, you would create a QoS policy and apply it to your firewall's WAN interface.  If you want to limit your inbound Skype traffic, then you would create a QoS policy and apply it to your firewall's LAN interface. 

L3 Networker

Re: Question on QOS

So if I do it on my Wan interface then I will need to set a QoS profile for each tunnel on that interface correct? At least that is what it seems to suggest when I tried it

L4 Transporter

Re: Question on QOS

if you are limiting traffic on the tunnel interface then yes, other wise for normal WAN traffic going out configure the QoS on the untrust/WAN interface of the PA.

L2 Linker

Re: Question on QOS

Thanks for the explantion. I have another related question.

I have the following setup and want to limit traffic from VLAn 3779 to the Internet VLAN 3662 and the other way round. How must I do this? The problem is that I can configure QOS only on interface1/8 and not on subinterfaces. Thanks for your help.

interface.png

L3 Networker

Re: Question on QOS

Hello Peri,

This feature is not yet implemented on PAN OS.  Please refer thread  Re: QoS on Tagged VLAN Sub-interface

Subject: Sub-interface based QoS on PA-5000

Priority: High

FR ID: 1768

Subject: QoS Bandwidth Policing

Priority: High

FR ID: 2475

Please send your request to your SE as they have more insight on it and can vote on behalf of you.

Regards,

Jahnavi.

L2 Linker

Re: Question on QOS

Thanks for the fast answer. Can you tell me what this option is useful for?

qos.png

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!