This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

real time flow from interfaces - how to get it?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

real time flow from interfaces - how to get it?

_slv_
L4 Transporter

‎12-12-2012 08:43 AM

Hello

On my old Juniper SSG device I had flow control where I can sow real time traffic on interfaces.

How can I do it with PAN? - using only GUI/CLI - not thirty party software?

With regards

SLawek

Labels:
0 Likes Likes
6 REPLIES 6

gwesson
L7 Applicator

‎12-12-2012 09:23 AM

There is no real-time flow by default. You could enable QoS on each interface you want to monitor. You would have to specify a profile (there is one by default) for each interface, and then in the Network > QoS section there is an Interface Statistics link. It will give you details about the applications and bytes flowing in real time, with a graph.

Note that enabling the QoS profile does not actually apply any QoS marking (DSCP) or modify the traffic. To do that you would need a QoS policy.

One final note: 5.0.0 had an issue displaying the QoS statistics as mentioned above. 5.0.1 solves that issue.

-Greg

mikand
L6 Presenter
In response to gwesson

‎12-12-2012 12:42 PM

The QoS fix in 5.0.1 seems to be broken, see for more information.

Regarding realtime flow, does slv mean something like (if it existed) "show session tail" ? Where you get a tcpdump lookalike output for all new sessions which are being setup?

_slv_
L4 Transporter
In response to mikand

‎12-13-2012 02:07 AM

Thx Gwesson - I will configure QoS.

About QoS in 5.x - In latest veriosn 5.0.1h1 its fixed:

46285 – Resolved the issue where QoS statistics were not displaying in the web interface.

Im still on PAN 4.1.8

>Regarding realtime flow, does slv mean something like (if it existed) "show session tail

I'm looking for solution that show me who (IP) generates much traffic in realtime. How to get this information in real time? I think thats posible only on CLI...

0 Likes Likes

_slv_
L4 Transporter
In response to gwesson

‎12-14-2012 07:11 AM

I got some strange (for me resoults) when I turn on QoS. My device is PA200 4.1.8

Im using two interfaces ethernet1/1 and ethernet 4/1 (4/1 has 8 subinterfaces (VLANs)).

I created in Network\QoS polices for ethernet 1/1 and 4/1 (with default profile).

First I enabled policy for 1/1 and .... FTP traffic from TotalCommander to Linux FTP serwer (from computer from 4/1 to serwer on 1/1) is at half speed!. Upload from computer to server is 6.2MB but download is 11.5MB. Why?

next i disable policy for 1/1 and enable for 4/1

Upload from computer to server is about 6.3MB and download 11.3MB.

Could someone explain me what is goin on?

0 Likes Likes

mikand
L6 Presenter
In response to _slv_

‎12-15-2012 01:52 AM

Regarding your original question, something like iptraf would be nifty if that existed in PA 🙂

http://iptraf.seul.org/shots.html

Regarding your QoS, when you enable QoS you always do that on egress interface (since this is where the PA can decide in which order the packets will leave the device).

Also when you enable QoS the performance will decrease - there is a list somewhere on this forum with some performance figures when QoS is enabled (its something like (for PA-5060 (edit: actually 4000 series and older)) 20Gbit/s firewall, 10Gbit/s threat, 5Gbit/s QoS or so).

Edit:

Here is the qos performance table I was thinking of:

https://live.paloaltonetworks.com/message/5367#5367

And according to the link below the qos engine was changed in 5000 series (so my example of 20/10/5 is a behaviour for the 4000 series and downwards)

https://live.paloaltonetworks.com/message/12541#12541

0 Likes Likes

_slv_
L4 Transporter
In response to mikand

‎12-15-2012 09:14 AM

iptraf is what Im looking for - but it exist on Linux not on PAN Smiley Sad - maybe Im wrong and exist ability similar to iptraf on PAN?

Qos performance table answered my question. 50MB is a limit for PA500 (and for younger brother PA200) - both has virtualized hardware.

So I made one step forward. But I still need help.

I have 8 intrefaces on local phisical 1/4. I have 1/4.1, 1/4.2 etc.

How to put different prosiles on it?

For example 1/4.3 is for WiFi - and I need to limit transfer to 4Mb upload and 4Mb download.

I know that upload I need to made on 1/1 (as is a output for traffic from WiFi), but how to do limit to download?

I have no option to select 1/4.3 as a interface inb QoS.

I read "QoS_in_PAN-OS.pdf" but it doesnt answered my question. I also searched this community forum but without usefull answers.

0 Likes Likes
  • 4252 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks