I have a question about whether it is possible to associate a QoS profile on an aggregate interface.
According to the following link, it is possible to do it:
Note: The model Firewall is PA-5050 and version is 8.1.22
It is my first time doing it and my doubt is that to associate the QoS profile in an aggregate interface, it has to be done within "Clear Text Traffic", in Physical Interface it is not possible to select the aggregate interface and in Tunneled Traffic only for VPN tunnels.
I attach the screenshot example:
Regards.
in the QoS interface, you can add more detailed configuration in the Clear Text Traffic tab. you can set a specific source interface (unfortunately only as source interface, not destination)
Hello,
Thanks for your update, in case it is required to be applied on a particular aggregate sub-interface, like the following screenshot:
Would it be possible to do this? and Where would it apply?
Because in the Physical Interface section it is not possible to select the Aggregate subinterface.
Regards.
when you aggregate interfaces, the ae.x interface becomes the interface object and the physical interfaces simply become members of that object. nothing is configured on the eth1/x anymore
the QoS profile needs to be added to the ae.x interface
then, in QoS profiles, 'clear text' refers to _all_ traffic that has not been encapsulated in an ipsec tunnel. this allows you to limit the amount of 'regular' traffic that is sent out of an interface versus how much ipsec can go out
this allows for example on a 2gb aggregate to limit cleartext to 1600mbps and ipsec to 400 mbps, simply by adding 2 profiles with the egress max set to the appropriate value
hope this helps