Qos question

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Qos question

L4 Transporter

PA-DEL-1.png

Hi,

I have traffic shaping enabled on FG and at the same time PA also.

traffic flow is as below 

client  goes through  FG then PA then go to internet or wan 

traffic shaping  policy running on  fortigate  , and qos policy is there on PA also 

Let's say if i set bandwidth for client A ON fortigate 10 Mbps and   20 Mbps on PA , Speedtest Showing 10 Mbps 

My expectation is  client should get 20 Mbps

PA in vwire mode  (qos enabled on LAn interface ) 

 

What could be the reason , How can I solve the issue 

Thanks

 

 

 

 

 

 

 

 

 

 

13 REPLIES 13

L7 Applicator

hi @simsim 

I don't see an issue here. I sounds like everything works as it is configured. To "solve" the issue you need to configure the fortinet also to 20 mbps.

Community Team Member

Hi @simsim ,

 

Agreed with @Remo .

If you throttle one side of a pipe you can't expect a bigger throughput on the other side.

 

Cheers,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Hi,

"

Let's say if i set bandwidth for client A ON fortigate 10 Mbps and   20 Mbps on PA , Speedtest Showing 10 Mbps 

My expectation is  client should get 20 Mbps"

 

My question is  PALO ALTO won't override the QOS value set by the fortigate ?

 

Thanks

Hi @kiwi 

What if it is the other way around ? 

Let's say on FORTIGATE if I set 20Mbps and on PA set 10Mbps ?

Shall the client   get  20 Mbps ?

Thanks

Community Team Member

Hi @simsim ,

 

No, in that scenario the bottleneck will be the Palo Alto Device.  Your device will have 20Mbps through the Fortigate but once you reach the PA you will get 10Mbps.

 

In your first scenario you will have 10Mbps through the Fortigate to begin with ... the PA can't make 20Mbps out of the 10Mbps it's getting from the Fortigate.

 

If the devices are inline then the device with the most restricted speed will be the maximum speed for that pipe. 

 

Cheers,

Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Hi,

"If the devices are inline then the device with the most restricted speed will be the maximum speed for that pipe. "

 

Why palo alto not overriding the  qos value which is set by fortigate in this scenario 

Thanks

 

 

 

 

 

Hi @simsim 

 

No , Paloalto cannot override the QOS tweak done by fortinet. In this scenario it would be better to maintain QOS policies in only a single device ( FG or PA).

Thanks,

Ram 

Hi,

Paloalto cannot override the QOS tweak done by fortinet

Any reason for that  paloalto cannot overwrite /override . 

Or all the network devices behavior is same (eg : cisco router ) 

Thanks

HI @simsim ,

Assume we have ISP of 10 mbps , can we get 20 mbps using any device . The answer is certainly "NO".  in such a way pa is receiving only 10 mbps so it cant be increased . Any device cannot increase the bandwidth more than it recieved.

Hope it helps

Thanks,

Ram

Hi @RamprakashRT 

What if  it is the other way around , If fg set 20 Mbps and policy is for the device is 10Mbps 

just for final clarification 

Thanks

Hi @simsim 

What exactly do you mean with "policy for the device is set to 10mbps"?

But for such situations @kiwi already wrote it perfectly: "If the devices are inline then the device with the most restricted speed will be the maximum speed for that pipe."

Hi @Remo 

What exactly do you mean with "policy for the device is set to 10mbps"?

I mean  in the policy the bandwidth is set  to  10Mbps for a host .

 

Thanks

 

Hi @simsim 

In this case the single host will have a max. bandwidth of 10mbps and the others should get 20mbps. But it also depends if there is a priorization set on the traffic. If everything has the same priority and then th single host already consumes 10mbps, then for another host with is not limited specially, it will also get 10mbps so that you have in total the 20mbps.

  • 6488 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!