I am not talking about the QoS policy rule, I am talking about the profile.
I just mentioned 'YouTube' for easy understanding.
If I rephrase my question, it would be like below:
If a user is browsing the internet, do I need to set a download and upload profile (egress and ingress)?
To get best results you should decrypt traffic.
I have seen cases when YouTube was identified as SSL without decryption.
As traffic comes from outside and is heading inside, you can't apply QoS to the outside interface because at that point you don't know yet what this traffic is.
You need to let it into the firewall to be analyzed and apply the QoS profile to the internal interface where traffic exits the firewall.
On the other hand, if you want to QoS YouTube upload then you apply QoS to the outside interface, as the traffic egress point is the outside interface.
QoS shaping is applied the moment a packet is about to leave the firewall (on the egress interface):
- to limit downloads the QoS profile on the internal interface is used (packets flowing from the internet and exiting onto your local network)
- to limit uploads, the QoS profile of the untrust interface is applied (packets flowing from the LAN and exiting onto the internet)
In a single session 2 different QoS profiles can be hit (outbound and inbound packets).
A user is just browsing cnn.com, which means the user downloads and uploads at the same time. Is there any issue if we just apply a profile for limiting download only? What I mean is, does this affect the CIR which is committed by the ISP?
It's perfectly possible to only create a profile to limit downloads and not interfere with uploads at all (QoS does not even need to be enabled on the upstream interface).
Hope this helps.
Thank you for your reply. You are always a great help!
I just want to rearrange my very basic and general QoS question. Let's say we have a 10 Mb download commitment with the ISP, and we have not yet applied any QoS profile, so the user will be able to take all the bandwidth, which is 10 Mb.
Now we have created a profile and applied it on egress with 5 classes, each class has a 2 Mb limit with the same priority, and the user is in class 1. What will happen in this case? How will the QoS help us?
2) How does this help us with the ISP dropping the traffic?
Thanks a million
I don't think it makes sense to set up 5 classes with 2 Mbit each, as if the other classes are not in use then you don't use your full capability.
A few things that make sense to throttle are the Dropbox application, update applications using an Application filter, update URLs (for example, create a custom URL category and add the MS update URL into it), etc.
Can you explain your issue?
ISP is dropping packets?
So what? If you enable QoS then it will be Palo who will drop packets to throttle traffic. Palo has to throw away a packet from here and a packet from there, but TCP is smart and "TCP flow control" will keep traffic around the range you set with QoS.