QOS Interfaces

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

QOS Interfaces

L0 Member

Hi,

I was wondering if anyone can tell me if there is a limit to the number of 'Clear Text Traffic - to QOS Profile' mappings you can create under the advanced options within a new QOS Interface? PANOS 4.0.2.

I want to setup a couple of QOS profiles, then tie these both to an egress interface depending on Source Subnet. I have about 400 subnets that I need to add. Does this list work like a rulebase whereby it will check down until it finds a match? If so I could look at supernetting a large number of these and putting the smaller more specific subnets higher up hence would not need nearly as many lines.

Thanks

6 REPLIES 6

L4 Transporter

Most of the models will allow 32 total QOS nodes per interface.  The bigger boxes (PA-5060, PA-5050, and PA-4060) will allow 64.  The list is processed first match top-down.

Cheers,

Kelly

L4 Transporter

The number varies depending on the model of the PAN device. See the matrix.png file for the capacity matrix.

Paloalto’s philosophy on QOS is that we use QOS to restrict bandwidth accorded applications vs. guaranteeing bandwidth to specific users or subnets. Of course our devices support both methods and any combinations of methods you might need but I would be remiss if I didn’t point this out.

~Phil

I can't work out why on the 5060 you can have 4000 QOS policies but only 64 nodes. Anyway...what I am actually doing is looking to deploy a pair of 5060's on the edge of a WAN network that has up to 400 LAN's hanging off it each assigned a /24 subnet range. I need to be able to QOS control traffic coming from each of those subnets individually. Without deploying a PAN at the end of each one of those links (obviously not going to happen!!) I need to know if I can treat each subnet as a seperate instance and effectively QOS control the individual links coming in to the WAN.

If I can only have 64 nodes then I would assume then I need to supernet the /24's some way in order to get them all covered in the list but I think the problem then is that each supernetted subnet would be assigned a profile instance and I am effectively having to treat them all like they are one. So for example then a QOS class that says max b/w 1Mbps for ftp would mean that collectively my group of LANs are restricted to only 1Mbps ftp instead of allowing each individual subnet to go up to 1Mbps which is what I  would want.

I hope this makes some sense!

Hi Neil,

Ths is indeed a complex problem that requires an indepth solution.

Maybe we can sit down offline and go through the network diagram and so on?

Best Regards

James

Sounds good. Thanks James.

L0 Member

I will take this up with James offline.

Thanks everyone.

  • 4223 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!