Limit bandwidth in untrust interface

soporteseguridad
L4 Transporter


Hi,

I need to limit the bandwidth on the untrust interface. We replicate DB info to the Oracle cloud and we want to limit this traffic. We have 100 Mbps of bandwidth, and we want to limit the Oracle cloud traffic to 50 Mbps max.

So this is what I configured:

Profile QoS: all the classes with 50 Mbps max egress.

Capturavpn3.JPG

QoS config

eth1/1 is our untrust interface (100 Mbps line)

tunnel interface, the profile was created before.

Captura1qos.JPG

vpn2.JPG

In "tunneled traffic" we add the tunnel for Oracle Cloud (tunnel.6) and the QoS profile.

Is that correct?

Going to statistics, we don't see any number in runtime BW in tunnel? Not tunnel 6... Any idea?

tunel trafficshapping.JPG

OtakarKlier
Cyber Elite

Hello,

Enable the QoS profile you have on your Trust interface that is on the same side as the Oracle server, i.e. the inbound interface. Also, do you have your QoS policy set? I didn't see it in the screenshots you provided, Policies->QoS.

https://live.paloaltonetworks.com/t5/Featured-Articles/Getting-Started-Quality-of-Service/ta-p/68633

Regards,

soporteseguridad
L4 Transporter

We need to control the "Untrust" interface, because we are running backup in the Oracle cloud, not in our LAN. So we need to limit the outbound interface to Oracle cloud. To connect with Oracle cloud we use an IPsec tunnel. Is the above config correct?

I think QoS policies are not necessary to limit bandwidth, right?

QoS policies are necessary if you want to classify any kind of traffic.

BPry
Cyber Elite

@soporteseguridad,

QoS is how you rate limit traffic on a Palo Alto device. The QoS policy would map traffic destined to Oracle Cloud to a certain class; this class would then be configured with an Egress Max to limit that specific class to 50 instead of allowing it to flow through the generic class 4.

soporteseguridad
L4 Transporter

Yes, but I only want to limit the BW for this tunnel to 50Mb (all the classes). I understand I don't need to use any QoS policy.

Right?

OtakarKlier
Cyber Elite

Hello,

Yes, the policy is what sets the limits on the traffic you have defined in the other QoS settings. It can be very granular, i.e. specific server to specific destination, etc.

Regards,
