I have to allow certain streaming music apps (Spotify, Pandora, etc.) though my PA and I've been trying to see how that bandwidth looks like first before I allow it and throw it in a QoS ploicy for the rest of my company. I created a rule to allow the Spotify application outbound for just myself and created QoS policy on the PA that would limit it, but is showing up as an incomplete application in the traffic logs and the QoS statistics logs are not factoring in my music traffic. I am able to stream muxic when my rule is active, but unsure why it is not being classified correctly.
Any thoughts to why it is showing up as incomplete?
Solved! Go to Solution.
Are you doing SSL decryption? If yes then its probably getting blocked at the application layer. Check the traffic logs to see where its getting blocked. Incomplete means that it didnt have enough traffic to figure out the application or its a routing issue, but sounds like the traffic issue.
Hope that helps.
SSL Decrypt was part of the problem, but after further testing, I found out that the actual music streaming from Spotify gets classified as ssl or web-browsing, which makes it difficult to try and put it under a QoS policy. It would be nice if you could make a QoS policy based off URL Category and not just applications.
Are there any recommendations on how I can approach this differently?
QoS Policy rules based on URL categories are possible: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/quality-of-service/qos-concepts/qos-...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!