Question on QOS

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Question on QOS

L3 Networker

QOS is something I am looking to start using for a few things but I just had a couple of questions about it.

So firstly, I can set a QOS rule and assign a class. I know I can create profiles on the class, but lets just say I use the default classes that are setup. If I create a rule saying that a particular range of IP's going through my internet connection have a class 8 for skype this should then limit the bandwidth they can use for this application correct?

Also, do I have to setup a rule for all other traffic or if not then what class does all other non specified traffic go on?

And lastly. The QOS profile needs to be applied to the interface the traffic will be coming in on or going out on?

Thanks in advance


L6 Presenter


Yes you are correct about skype but interface which is applied for QOS should be correct.

Default class is 4, so Traffic that does not match a QoS policy is assigned a default class 4.

Bandwidth is enforced on the egress interfaces on all PAN-­OS platforms

You can read details about Qos QoS in PAN-OS 4.1

Is that still applicable for PAN-OS 5?

And sorry, are you saying just applying to the interface the traffic is going out on? Or does that not matter so much just as long as it is applied to one of those interfaces?

qos is implemented on egress interface only,

so if you have a LAN ans WAN interface for an easy example we can say

enable and use QOS profiles for WAN interface, you will limit upload traffic

for LAN interface, you will limit download traffic.

QoS is handled on egress interfaces.  So, if you want to limit your outbound Skype traffic, you would create a QoS policy and apply it to your firewall's WAN interface.  If you want to limit your inbound Skype traffic, then you would create a QoS policy and apply it to your firewall's LAN interface. 

So if I do it on my Wan interface then I will need to set a QoS profile for each tunnel on that interface correct? At least that is what it seems to suggest when I tried it

if you are limiting traffic on the tunnel interface then yes, other wise for normal WAN traffic going out configure the QoS on the untrust/WAN interface of the PA.

L2 Linker

Thanks for the explantion. I have another related question.

I have the following setup and want to limit traffic from VLAn 3779 to the Internet VLAN 3662 and the other way round. How must I do this? The problem is that I can configure QOS only on interface1/8 and not on subinterfaces. Thanks for your help.


Hello Peri,

This feature is not yet implemented on PAN OS.  Please refer thread  Re: QoS on Tagged VLAN Sub-interface

Subject: Sub-interface based QoS on PA-5000

Priority: High

FR ID: 1768

Subject: QoS Bandwidth Policing

Priority: High

FR ID: 2475

Please send your request to your SE as they have more insight on it and can vote on behalf of you.



Thanks for the fast answer. Can you tell me what this option is useful for?


  • 9 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!