Who Me Too'd this topic

Who Me Too'd this topic

Not applicable

IPSec Tunnel QoS

I have a PA-2050 running 4.0.7. I have an IPSec tunnel that runs between 2 sites (one is a Palo, the other is ??)

I would like to guarantee some level of bandwidth available for this tunnel, to ensure that it gets a level of priority at least over basic web and streaming traffic.

I'm confused about how to assign this priority.

Here's what I've done, based on the doc "How to Configure Quality of Service (QOS)" for PanOS 3.0.0 and above.

I've created a QoS policy Called "Bandwidth Guarantee", with the source zone being "Untrust" and the source IP being the Internet IP of the remote site. The "Destination" zone is also "untrust", with my internet facing IP as the "Destination address". I've added IPSec and IKE as the applications this guarantee applies to. I assigned it to "Class 1".

Next, I created a QoS network profile called "Rate Guarantee" and assigned Class 1 a "Guaranteed Egress" of 50 mbps, a "Maximum Egress" of 100 mbps, and a priority of "Real Time"

Finally, for network QoS I added my Internet facing ethernet interface (ethernet1/1), enabled QoS, assigned "Clear Text" traffic the default QoS policy, and assigned the "Tunnel Interface Default Profile" to "Rate Guarantee".

Now, I would expect that once I committed this config, that I would be able to look at the QoS statistics and see the traffic from my tunnel being applied to Ethernet1/1...Tunnel Traffic...tunnel1.1...Class 1. However, I see nothing being applied, even though the tunnel is up and functioning.

I'm sure I'm missing something. What am I missing?

Who Me Too'd this topic