06-18-2019 03:24 AM
Hi Team,
How to apply QOS on VPN tunnel ingress interface ? Please helps us
Regards
Mohammed Asik
06-18-2019 07:23 AM
Hello,
QoS is only applied to the egress interface.
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/quality-of-service/configure-qos.html
Just create your QoS profiles and policies and apply them to the egress traffic interfaces.
Regards,
06-19-2019 12:55 AM
Hi Otakar,
Thanks for your replying on my query. Still i do have some more queries on this regards, while i am surfing some of the notes related for applying QOS Traffic i found that we can able to restrict the traffic seperately on both Uploading and Downloading traffic based on the traffic flows in the Firewall.
In the mentioned link i can understand that, We are able to apply the QOS for both Uploading and Downloading Traffic.
(Link: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/quality-of-service/qos-egress-interface)
I do agree on your point that, QOS is only applicable for the Egress Traffic. So it means the traffic which is sending away from each port in the firewall.
In my scenario, we are having 22 s2s vpn tuunels which is destinated in my wan interface.
we have configured the bandwidth restriction of 2MB on wan interface and egress traffic is woking as expected.
My concern is, I want to restrict the tunnel traffic as 2MB which is enter through ? Is it possible ?
If possible how can we achieve this ? Please suggest us..
Thanking you in advance ..
Regards
Mohammed Asik
06-19-2019 07:27 AM
Hello,
Yes but the QoS policy has to be applied to the egress interface.
Regards,
06-20-2019 01:16 AM
Hi otakar
Yes i agree with your point.
In my environment LAN interface is the egress interface. I have binded the 10 sub-interfaces in LAN interface
If i apply QOS on LAN interface, will it apply on the all sub-interface ?
If yes, How can i apply QOS profile in my lan interface alone ?
Regards
Mohammed Asik
06-07-2020 01:01 PM
To apply qos for incoming traffic from IPSEC tunnel you need to create appropriate QOS profile and apply it on eth1/1 ( untrust ) interface under tunneled traffic , select appropriate tunnel interface and QOS Profile.
Screenshot shown below.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
