QOS on the palo alto device is applied only on the egress interfaces, however you can apply Qos profiles for traffic ingressing from a specific source subnet.
So for example if you want to rate limit upload traffic from your guest/office network:
Here QOS is enabled on the Untrust (egress)interface, but you can configure multiple QOS profiles for traffic egressing Untrust, based on the source interface/subnet as well.
I'm guessing this may answer your original question partially unless you want to rate limit traffic ingressing Untrust interface like downloads, hope it helps.
Yes, you will enable QOS on the egress interface i.e. LAN and can select the WAN interface as the source interface for download traffic from the internet. Source subnet will be any.
Thanks for all the input everyone!
Does anyone know of documentation besides the one posted above that can better explain QoS profiles? I keep trying to test QoS in the labs and whenever I set up my profile and QoS settings, it gives me an error that states "the regular traffic guaranteed bandwidth is less than the sum of the total guaranteed bandwidth of its children." I tried modifying my bandwidth settings, but I'm not sure what to change. I know that the max/guaranteed bandwidth for each class has to be less than or equal to the max/guaranteed of the profile, but is there any other rules that I should know about?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!