I would like to understand bandwidth limitation steps on Internet download and upload
Example - lets say i want to restrict steaming url category on download and upload
1. create QOS policy to map traffic going to inside to Internet youtube as Class 8 with DSCP marking
2. Create QOS Profile with class 8 to egress max/guaranteed
3. Apply QOS Interface on Egress INSIDE Interface for cleartext and Tunneled to its address DOWNLOAD
4. Apply QOS Interface on Egress INTERNET Interface for cleartext and Tunneled to its address UPLOAD
Do i need seperate QOS policy to match INGRESS from Internet and EGRESS to Internet separately to apply different mappings ? or does Palo capable of doing the QOS based on session with single QOS policy for traffic going to Internet ?
QoS marking is performed on the egress interface. The Palo Alto Networks firewall marks packets with DSCP (Differentiated Services Code Point ) values upon egress. Here, The egress interface for traffic depends on the traffic flow. If you are shaping incoming traffic, the egress interface is the internal-facing interface. If you are shaping outgoing traffic, the egress interface is the external-facing interface.
For Limiting Upload, QoS needs to be applied on the egress, which is a WAN interface.
For Limiting Download, so QoS will be on Egress interface which will be your LAN interface.
You need to have separate policies to match traffic flow as QoS policy rule will apply that class of service to traffic matched. You can have application based qos policy with Source & Destination zones any so this will get match for both upload and download.
Hope it helps you!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!