I have the scenario , user wants upload or stream to outside the campus.
Pa in virtual wire mode and after pa there is ASA firewall ,
How can I makesure the streaming or uploading is not interuptted by other traffic
have you checked out this article already? Getting Started: Quality of Service
If you want to make sure the outbound traffic has a bandwidth guarantee, you'll need to create a QoS profile with one class that has a bandwidth guarantee set to it. you will want to attach that profile to your external interface (QoS is applied on the _egress_ interface of the flow) and create a QoS policy to identify this user's outbound stream to that class
From qos policy , how palo alto differentiate between policy for uploading and downloading ?
for example an ip 192.168.1.100 is streaming an av ,the source must be 192.168.1.100 and if class 3 and we have same class 3
The different egress zones. The download policy would be the QoS on the trust interface, where the upload policy would be the Qos Policy on the UnTrust interface. Therefore the traffic passing through the same class doesn't really matter, since uploading and downloading is never done through the same egress zone.
For example if the topology like below , Is it enough to mark the qos only on PA or does it required to mark on other routers ,switch and asa( nating happening here) .
PA Is in vwire mode
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!