Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-02-2014 06:54 AM
In advance - thank you for your help.
I am trying to create a QoS profile. Here is my scenario. I want to apply a QoS profile to a public IP I own to do one of two things. 1 Give it priority over other traffic OR (complete opposite) rate-limit traffic FROM this IP out of my Internet interface on my PA.
What I am testing:
Created a QoS Profile called Test20 and gave it a 20 mbits egress maximum. Left guaranteed at 0. I associated to Class 8.
Created a QoS Policy and added my IP/zone as source and Internet/any/any as destination.
My problem: When I navigate to Network - QoS - I am unable to add my interface. The box 'Physical Interface' doesn't have what my Internet Egress interface is. I have Ethernet23/Ethernet/24 in an Aggregate group. I have a sub-interface off this aggregate which is my internet interface. My speedtest.net testing will go out this interface to my edge router. How can I apply a QoS policy as described above? Is this even possible?
PA-5050 running 5.0.8
Thanks again.
05-02-2014 10:04 AM
Hello Zach,
QoS is not supported on the PA firewalls at this time which is why you are not seeing it in the Physical Interface drop down of the QoS configuration.
A feature request (ID 1058) has been submitted for this but there is no ETA on when it would be fulfilled at the moment.
Regards,
tasonibare
05-02-2014 10:04 AM
Hello Zach,
QoS is not supported on the PA firewalls at this time which is why you are not seeing it in the Physical Interface drop down of the QoS configuration.
A feature request (ID 1058) has been submitted for this but there is no ETA on when it would be fulfilled at the moment.
Regards,
tasonibare
05-03-2014 07:07 PM
Hi Zach,
We ran into the same issue. QOS isn't supported on aggregate interfaces. This issue is due to hardware not supporting it on lower firewall models, like PA200, PA500. However, on higher models, such as the 5000 series, it's not supported due to software. Therefore, there is a chance it will be supported for the higher models in future PANOS software.
We ended up separating our MPLS and Internet connections into non-aggregate interfaces. We only kept the zones/vlans for our actual resources, such as PCI vlans, VDI vlans, etc... If you were using aggregate interface to allow for redundancy and/or more bandwidth, you can accomplish that with HA firewalls and/or using bgp/ospf routing. This worked great for us, we went with ibgp. Now we are able to do QOS and traffic shaping for traffic to MPLS and/or Internet. Hope this helps.
01-19-2015 06:56 AM
Any news on feature request ID 1058 ? we're also waiting for the feature. PA-3020.
01-19-2015 11:06 AM
Patrick,
Palo Alto does not discuss road map items in public forums. You should contact your Palo Alto sales engineer and do two things.
1-vote for the FR 1058 so your desire is recorded
2-ask for what road map updates he is able to provide
06-18-2015 12:28 PM
Another vote for QoS support on Aggregate Ethernets! I see it is still missing in 6.1. Have not looked at 7.0.
06-18-2015 12:48 PM
It's in 7.0. Supports 5000, 3000, 2000, and 500s. (The 7000 supported QoS on AE interfaces in 6.1).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
