Limit bandwidth in untrust interface

L4 Transporter


Hi,

I need to limit the bandwidth in the untrust interface. We replicate DB info to the Oracle cloud and we want to limit this traffic. We have 100Mbps bandwidth, and we want to limit the Oracle cloud traffic to 50Mbps max.

So this is what I configured:

Profile QoS: all the classes with 50Mbps max egress.

[Screenshot: Capturavpn3.JPG]

QoS config

eth1/1 is our untrust interface (100Mbps line)

tunnel interface, the profile was created before.

[Screenshot: Captura1qos.JPG]

[Screenshot: vpn2.JPG]

In "tunneled traffic" we add the tunnel for Oracle Cloud (tunnel.6) and the QoS profile.

Is that correct?

Going to statistics, we don't see any number in runtime BW in tunnel, not tunnel 6... Any idea?

[Screenshot: tunel trafficshapping.JPG]

Cyber Elite

Re: Limit bandwidth in untrust interface

Hello,

Enable the QoS profile you have on your Trust interface that is on the same side as the Oracle server, i.e. the inbound interface. Also, do you have your QoS policy set? I didn't see it in the screenshots you provided, Policies->QoS.

https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Quality-of-Service/ta-p/68633

Regards,

L4 Transporter

Re: Limit bandwidth in untrust interface

We need to control the "Untrust" interface, because we are running backup in the ORACLE CLOUD, not in our LAN. So we need to limit the outbound interface to Oracle cloud. To connect with Oracle cloud we use an IPSEC tunnel. Is the above config correct?

I think QoS policies are not necessary to perform a limit in bandwidth, right?

QoS policies are necessary if you want to classify any kind of traffic.

Cyber Elite

Re: Limit bandwidth in untrust interface

@soporteseguridad,

QoS is how you rate limit traffic on a Palo Alto device. The QoS policy would map traffic destined to Oracle Cloud to a certain class; this class would then be configured with an Egress Max to limit that specific class to 50 instead of allowing it to flow through the generic class 4.

L4 Transporter

Re: Limit bandwidth in untrust interface

Yes, but I only want to limit the BW for this tunnel to 50Mb (all the classes). I understand I don't need to use any QoS policy.

Right?

Cyber Elite

Re: Limit bandwidth in untrust interface

Hello,

Yes, the policy is what sets the limits on the traffic you have defined in the other QoS settings. It can be very granular, i.e. specific server to specific destination, etc.

Regards,
