This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

QOS Policy config with Destination NAT Traffic

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

QOS Policy config with Destination NAT Traffic

hbshin
L2 Linker

‎01-23-2019 12:52 AM - edited ‎01-23-2019 12:56 AM

Hi, all

How can i set to config QoS Policy for Destination NAT Traffic from untrust to untrust zone.

I searched for related knowledge but could not find it.

which one is right?
untrust to untrust (Public IP)
untrust to trust (Public IP)
untrust to trust (Private IP)

Thanks.
0 Likes Likes
2 REPLIES 2

Remo
L7 Applicator

‎01-26-2019 01:32 PM

Hi @hbshin

 

Hmn ... I would try the same as with the security policy: post-NAT destination zone and pre-NAT destination IP.

... and if this does nlt work, simply create different rules for testing with differdnt QoS classes assinged and check which QoS class will the connections have assigned.

0 Likes Likes

reaper
Cyber Elite
Cyber Elite

‎01-28-2019 03:04 AM

QoS is applied on the egress interface (post-nat), whereas NAT is determined based on the pre-NAT IP  route lookup

 

is your NAT going to be a traditional untrust to untrust, translated to an internal IP, or are you intending to receive connections on the untrust, apply NAT (to another external IP) and then send packets back out of the untrust ? (u-turn on the outside ? )

 

 

in the former, you'd set your NAT untrust to untrust, and your QoS + security policies untrust to dmz/trust

in the latter, you'd have all your policies set to untrust-untrust

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes
  • 2295 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks