This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About daba1974
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About daba1974
08-18-2015
5Posts
0Likes
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by daba1974
| Subject | Views | Posted |
|---|---|---|
| 1268 | 08-05-2012 02:40 AM | |
| 1357 | 07-29-2012 12:41 AM | |
| 2515 | 07-04-2012 09:39 AM | |
| 1374 | 06-05-2012 05:47 AM | |
| 1434 | 06-05-2012 01:41 AM |
User Badges
Community Statistics
| Member Since | 05-29-2012 03:48 AM |
| Date Last Visited | 08-18-2015 09:07 AM |
| Posts | 5 |
07-06-2012
04:56 AM
1 Kudo
The point here is that the receiving firewall/switch/router (unless its proxybased) cannot choose or inform in which order the sending device (like the internetrouter your firewall is connected to) should send its packets. So you must happily accept the order of which the packets arrives on your uplink. What you are in charge of is in which order your packets will leave your firewall which gives that you can either delay outgoing packets or drop them all together (the later is often least demanding on the device which will perform the QoS and is part of RED shaping - randomly early detection). So to get the best effect when a user wants to download stuff is to not only delay/drop incoming packets (the actual download) but also the outgoing ack's sent back by the client to the server. When TCP is being used the algoritms at both client but in this case mainly server will adjust the windows being used and also how many packets will be allowed "in transit" (in plain english - the server will slowdown the speed in which the file is being sent at). More advanced QoS engines can alter windowsizes and other stuff to slow down a specific flow in order to not be forced to drop packets on the road. For the best effect of using QoS you should apply the very same rules in ALL your network equipment - also in the endnodes (the clients and servers themselfs) if possible. This way prioritized traffic will be prioritized at every hop while traffic you have choosed to prioritize down will only use whats left of the current links. Of course not all equipment can do QoS based on content so in PA's case you can tag outgoing packets with various QoS classes (DSCP or TOS) so that your switches and routers (who doesnt know if the flow is youtube which you want to prioritize down) will act on the DSCP/TOS fields in each IP packet instead and still be able to prioritize the traffic correctly through your infrastructure. PS. This subforum is mainly for question regarding the supportportal itself, the proper location for PA question is in KnowledgePoint DS.
... View more
06-05-2012
05:47 AM
I tried with your instruction but it didn't work, i have to mention that the interface that use the ip address 90.91.92.1 use vlan tagging. i added the subnet 84.85.86.1/28 to the interface as you mentioned and create a NAT policy as following Tag none source zone: internet destination zone : local destination interface :any source address : any destination address :test1 services: any source translation :none destination:address:test2 test1 is an ip address from the rane 84.85.86.1/28 test2 is a local host address i tested tracing to the true subnet from internet and it show the proper path till reaching my WAN ip
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:07 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks