I need to limit the bandwith in untrust interface. We replicate DB info to the Oracle cloud and we want to limit this traffic. We have 100Mbps bandwith, and we want to limit the Oracle cloud traffic 50Mbps max.
So this is what i configured:
Profile QoS: all the classes with 50Mbps max egress.
eth1/1 is our untrust interface (100Mbps line)
tunnel interface, the profile was created before.
In "tunneled traffic" we add the tunnel for Oracle Cloud (tunnel.6) and the QoS profile.
Is that correct???
Going to statistics we dont see any number in runtime BW in tunnel???? not tunnel 6.... any idea??
Enable the QoS profile you have on your Trust interface that is on same side as the Oracle server, i.e. inbound interface. Also do you have your QoS policy set? I didnt see it in the screen shots you provided, Policies->QoS.
We need to control "Untrust" interface, because we are running backup in the ORACLE CLOUD. Not in our LAN. So we need to limit outbound interface to Oracle cloud. To connect with Oracle cloud we use a tunnel IPSEC. IS that above config correct?
I think its not necessary QoS policies to perform a limit in bandwith , right???
Qos policies is necessary is you want to classify any kind of traffic
QoS is how you rate limit traffic on a Palo Alto device. The QoS policy would map traffic destined to Oracle Cloud to a certain class; this class would then be configured with an Egress Max to limit that specific class to 50 instead of allowing it class flow through the generic class 4.
Yes, but i only want con limit the BW for this tunnel to 50Mb (all the classes). I understand i dont need to use any policy QoS.
Yes the policy is what sets the limits on the traffic you have defined in the other QoS settings. It can be very granular, i.e. specific server to specific destination, etc.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!