04-06-2017 07:06 PM
Hello,
We would like to configure QoS on PA to give priority to VOIP and video based traffic. The Internet connected to the FW is 100Mbps and the connection between the core switch and PA is 1Gbps.
If I make a QoS profile and I want a guaranteed bandwidth of 25Mbps, what about max bandwidth? What do I set? 100 Mbps?
If so, when applying this profile to the Egress interfaces, won’t this cause an issue with the 1Gbps link?
Also am I able to just create a profile just for voip and video traffic to give them priority, and the rest of the traffic passes through normally after priority has been given to voip and video? Or do I have to create a profile for the rest of the traffic?
Thanks in advance.
04-07-2017 12:51 AM
Hi @Farzana
Please check out this article as it explains QoS in more detail: Getting Started: Quality of Service
Once you activate QoS you'll need to account for all traffic, so you will want to make a few considerations for upload and download: QoS is applied on the egress interface.
So this means you will have 2 different profiles used for every flow: any uploads to the internet will match the QoS profile on the external interface, while downloads will hit the QoS profile on the trust interface.
So consider this example:
eth1/1 is untrust
eth1/2 is trust
eth1/3 is dmz
You can also differentiate between source interfaces, so if you want to limit download from the internet (e.g. eth1/1) but not from your DMZ (e.g. eth1/3), you can create a 100mbit profile on eth1/2 (trust) for source interface eth1/1 and a 1000mbit one for source interface eth1/3.
Make sure to use a different class than class4 for your video, as class4 is the default for all traffic.
Hope this helps
04-09-2017 04:55 PM
Thank you @reaper for the reply.
So I want to apply QoS prioritisation on video and voice traffic to and from the internal network only. That is from the trust zone to the untrust zone, and between the untrust zone and the trust zone.
I only want to give prioritisation to video and voice, I would like all other traffic to be processed normally, I also do NOT want to shape traffic to or from the DMZ zone.
I understand that I need to create two rules, one for inbound and one for outbound.
But do I need to create policies for all other traffic? So I don’t set a max egress on the physical interface?
Thanks in advance.
04-10-2017 12:44 AM
Hi @Farzana
By default any sessions that do not match any policy will be set as class4.
So you could use class1 to shape your video/voice and then leave class4 open (no guarantee, no limit).
I would recommend setting a limit to the profile used for the internet so the total bandwidth cannot be exceeded.
The DMZ profile can simply be set to a total limit of 1000 and no classes or policies defined (will default to class 4).