a QoS profile to define the bandwidth limits and priority for up to eight classes of service. You can set both guaranteed and maximum bandwidth limits for individual classes and for the collective classes. Priorities determine how traffic is treated in the presence of contention.
To fully enable the firewall to provide QoS, you must also:
Define the traffic that you want to receive QoS treatment (select
Policies > QoS
to add or modify a QoS policy).
Enable QoS on an interface (select
Network > QoS).
Enter a name to identify the profile (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
Enter the maximum throughput in Mbps for this profile. The value is 0 by default, which specifies the firewall limit (60,000 Mbps in PAN-OS 7.1.16 and later releases; 16,000 in PAN-OS 7.1.15 and earlier releases).
value for a QoS profile must be less than or equal to the
value defined for the physical interface enabled with QoS. See
Network > QoS.
Though this is not a required field, it is recommended to always define the Egress Max value for a QoS profile.
Enter the bandwidth that is guaranteed for this profile (Mbps). When the egress guaranteed bandwidth is exceeded, the firewall passes traffic on a best-effort basis.
to specify how to treat
individual QoS classes. You can select one or more classes to configure:
—If you do not configure a class, you can still include it in a QoS policy. In this case, the traffic is subject to overall QoS limits. Traffic that does not match a QoS policy will be assigned to class 4.
—Click and select a priority to assign it to a class:
When contention occurs, traffic that is assigned a lower priority is dropped. Real-time priority uses its own separate queue.
—Click and enter the maximum throughput in Mbps for this class. The value is 0 by default, which specifies the firewall limit (60,000 Mbps in PAN-OS 7.1.16 and later releases; 16,000 in PAN-OS 7.1.15 and earlier releases. The
value for a QoS class must be less than or equal to the
value defined for the QoS profile.
Though this is not a required field, it is recommended to always define the
value for a QoS profile.
—Click and enter the guaranteed bandwidth (Mbps) for this class. Guaranteed bandwidth assigned to a class is not reserved for that class—bandwidth that is unused continues to remain available to all traffic. However, when the egress guaranteed bandwidth for a traffic class is exceeded, the firewall passes that traffic on a best-effort basis.
Network > QoS The following topics describe Quality of Service (QoS). What do you want to know? See: Set bandwidth limits for an interface and ...
Policies > QoS
Policies > QoS Add QoS policy rules to define traffic to receive QoS treatment, and assign a QoS class for each QoS policy rule in ...
Upgrade/Downgrade Considerations Table: PAN-OS 7.1 Upgrade/Downgrade Considerations lists the new features that have upgrade or downgrade impacts. Make sure you understand all potential changes before ...
Network > Interfaces
Network > Interfaces Firewall interfaces (ports) enable a firewall to connect with other network devices and with other interfaces within the firewall. The following topics ...
Use Case: Monitor Applications Using Panorama
Use Case: Monitor Applications Using Panorama This example takes you through the process of assessing the efficiency of your current policies and determining where you ...
Device > High Availability
Device > High Availability Device > High Availability For redundancy, deploy your Palo Alto Networks next-generation firewalls in a high availability configuration. There are two ...
Network > Virtual Routers
Network > Virtual Routers The firewall requires a virtual router to obtain routes to other subnets either using static routes that you manually define, or ...
Support for URLs in an External Dynamic List
Support for URLs in an External Dynamic List Instead of statically defining a URL allow list, block list, or custom URL category on a firewall, ...
High Availability for VM-Series Firewall in AWS
High Availability for VM-Series Firewall in AWS The VM-Series firewall in AWS supports active/passive HA only; if it is deployed with Amazon Elastic Load Balancing ...
Policies > Security
Policies > Security Security policies reference security zones and enable you to allow, restrict, and track traffic on your network based on the application, user ...