Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Nominated Discussion: Understanding QoS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Community Team Member
No ratings

tags: next-generation firewall, network security, routing, QoS, advanced administration

 

This Nominated Discussion Article is based on the post " Confused about QoS on Palo, need some assistance" by @latechguy    and answered by Cyber Elite @TomYoung  Read on to see his response!

 

My understanding is that QoS only really applies to egress.

The issue I faced this week was with Apple updates killing the ingress and impacting sip trunks.

Egress didn't appear to be an issue.

 

Now with that said, would applying QoS within our Palos help in any way when it comes to the sip trunks if the issue is with ingress being saturated?

 

What could you possibly do in this case?

 

Yes!  This can be done.  See the 2nd paragraph in this article.  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClS0CAK

 

" An important concept to keep in mind is that a QoS profile is applied on the egress interface of a packet that is traveling through the firewall. This would mean, for example, that to limit upload, a QoS profile needs to be enabled on the untrust interface and to limit download, a QoS profile needs to be enabled on the trust interface. "

 

You can limit your untrust ingress by applying policy to your trust egress, especially with TCP-based traffic, which will decrease the sliding window based upon packet loss.  The article also has good stuff for your SIP trunks.

 

Thanks,

 

Tom

 

Rate this article:
  • 1863 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Labels
Article Dashboard
Version history
Last Updated:
‎10-11-2023 08:35 AM
Updated by: