Network > QoS
The following topics describe Quality of Service (QoS).
What do you want to know? See:
Set bandwidth limits for an interface and enforce QoS for traffic exiting an interface. QoS Interface Settings
Monitor traffic exiting a QoS-enabled interface. QoS Interface Statistics
Looking for more? See Quality of Service for complete QoS workflows, concepts and use cases.
Select Policies > QoS to assign matched traffic a QoS class, or select Network > Network Profiles > QoS to define bandwidth limits and priority for up to eight QoS classes.
QoS Interface Settings
Enable QoS on an interface to set bandwidth limits for the interface and/or to enable the interface to enforce QoS for egress traffic. Enabling a QoS interface includes attaching a QoS profile to the interface. QoS is supported on physical interfaces and, depending on firewall platform, QoS is also supported on subinterfaces and Aggregate Ethernet (AE) interfaces. See the Palo Alto Networks product comparison tool to view QoS feature support for your firewall platform.
To get started, Add or modify a QoS Interface, and then define the fields described in the following table.
QoS Interface Setting Configured In Description
Interface Name QoS Interface > Physical Interface Select the firewall interface on which to enable QoS.
Egress Max (Mbps) Enter the limit on traffic leaving the firewall through this interface. Though this is not a required field, we recommend always defining the Egress Max value for a QoS interface.
Turn on QoS feature on this interface Select this option to enable QoS on the selected interface.
Clear Text Tunnel Interface QoS Interface > Physical Interface > Default Profile Select the default QoS profiles for clear text and for tunneled traffic. You must specify a default profile for each. For clear text traffic, the default profile applies to all clear text traffic as an aggregate. For tunneled traffic, the default profile is applied individually to each tunnel that does not have a specific profile assignment in the detailed configuration section. For instructions on defining QoS profiles, refer to Network > Network Profiles > QoS.
Tunnel Interface
Egress Guaranteed (Mbps) QoS Interface > Clear Text Traffic/ Tunneled Traffic Enter the bandwidth that is guaranteed for clear text or tunneled traffic from this interface.
Egress Max (Mbps) Enter the limit on clear text or tunneled traffic leaving the firewall through this interface.
Add Click Add on the Clear Text Traffic tab to define additional granularity to the treatment of clear text traffic. Click individual entries to configure the following settings: Name —Enter a name to identify these settings. QoS Profile —Select the QoS profile to apply to the specified interface and subnet. For instructions on defining QoS profiles, refer to Network > Network Profiles > QoS . Source Interface —Select the firewall interface. Source Subnet —Select a subnet to restrict the settings to traffic coming from that source, or keep the default any to apply the settings to any traffic from the specified interface. Click Add from the Tunneled Traffic tab to override the default profile assignment for specific tunnels and configure the following settings: Tunnel Interface —Select the tunnel interface on the firewall. QoS Profile —Select the QoS profile to apply to the specified tunnel interface. For example, assume a configuration with two sites, one of which has a 45 Mbps connection and the other a T1 connection to the firewall. You can apply restrictive QoS settings to the T1 site so that the connection is not overloaded while also allowing more flexible settings for the site with the 45 Mbps connection. To remove a clear text or tunneled traffic entry, clear the entry and click Delete. If the clear text or tunneled traffic sections are left blank, the values specified in the Physical Interface tab’s Default Profile section are used.
QoS Interface Statistics
For a QoS interface, select Statistics to view bandwidth, session, and application information for configured QoS interfaces.
QoS Statistic Description
Bandwidth Shows the real time bandwidth charts for the selected node and classes. This information is updated every two seconds. The QoS Egress Max and Egress Guaranteed limitations configured for the QoS classes might be shown with a slightly different value in the QoS statistics screen. This is normal behavior and is due to how the hardware engine summarizes bandwidth limits and counters. There is no operation concern as the bandwidth utilization graphs display the real-time values and quantities.
Applications Lists all active applications for the selected QoS node and/or class.
Source Users Lists all the active source users for the selected QoS node and/or class.
Destination Users Lists all the active destination users for the selected QoS node and/or class.
Security Rules Lists the security rules matched to and enforcing the selected QoS node and/or class.
QoS Rules Lists the QoS rules matched to and enforcing the selected QoS node and/or class.

Related Documentation