Query on QoS


Hello,

We would like to configure QoS on PA to give priority to VOIP and video based traffic. The Internet connected to the FW is 100Mbps and the connection between the core switch and PA is 1Gbps.

If I make a QoS profile and I want a guaranteed bandwidth of 25Mbps, but what about max bandwidth? What do I set? 100 Mbps?

If so, when applying this profile to the Egress interfaces, won’t this cause an issue with the 1Gbps link?

Also am I able to just create a profile just for voip and video traffic to give them priority, and the rest of the traffic passes through normally after priority has been given to voip and video? Or do I have to create a profile for the rest of the traffic?

Thanks in advance.


Hi @Farzana

Please check out this article as it explains QoS in more detail: Getting Started: Quality of Service

Once you activate QoS you'll need to account for all traffic, so you will want to make a few considerations for upload and download: QoS is applied on the egress interface.

So this means you will have 2 different profiles used for every flow: any uploads to the internet will match the QoS profile on the external interface, while downloads will hit the QoS profile on the trust interface.

So consider this example:

eth1/1 is untrust

eth1/2 is trust

eth1/3 is dmz

You can also differentiate between source interfaces, so if you want to limit download from the internet (e.g. eth1/1) but not from your DMZ (e.g. eth1/3) you can create a 100mbit profile on eth1/2 (trust) for source interface eth1/1 and a 1000mbit one for source interface eth1/3.

[Image: qos sources limits.png]

Make sure to use a different class than class4 for your video, as class4 is the default for all traffic.

Hope this helps

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Thank you @reaper for the reply.

So I want to apply QoS prioritisation on video and voice traffic to and from the internal network only. That is from the trust zone to the untrust zone, and between the untrust zone and the trust zone.

I only want to give prioritisation to video and voice, I would like all other traffic to be processed normally, I also do NOT want to shape traffic to or from the DMZ zone.

I understand that I need to create two rules, one for inbound and one for outbound.

But do I need to create policies for all other traffic? So I don’t set a max egress on the physical interface?

Thanks in advance.

Hi @Farzana

By default, any sessions that do not match any policy will be set as class4.

So you could use class1 to shape your video/voice and then leave class4 open (no guarantee, no limit).

I would recommend setting a limit to the profile used for the internet so the total bandwidth cannot be exceeded.

The DMZ profile can simply be set to a total limit of 1000 and no classes or policies defined (will default to class 4).

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization