Provides you with examples of how QoS works in Prisma
Access.
The following examples show how Prisma Access marks
and shapes traffic.
In the following example, the administrator created a security
policy on the Mobile_User_Device_Group to mark incoming mobile user
traffic. These policies assign traffic an IP precedence value of
AF11.
The administrator also created QoS profiles with QoS policy rules, enabled
QoS on the service connection and remote network connection, and
applied the profiles to those connections to shape the traffic at
the traffic’s egress point based on the QoS markings.
Prisma Access marks traffic at its ingress point based
on security policies or honors marking set by your on-premises devices,
and shapes the traffic on egress to your service connections or
remote network connections using QoS profiles.
The following example shows the QoS traffic flow from a branch
office to an HQ/data center. The administrator creates a security policy on the Remote_Network_Device_Group to
mark the incoming traffic from the remote network connection and
enabled QoS and applied a QoS profile on the service connection
to shape the outgoing traffic.
The following example shows a hybrid deployment with an on-premises
firewall at a branch that is connected by Prisma Access with a remote
network connection, and the on-premises firewall marks the traffic.
This deployment honors the marking set on the on-premises firewall.
You must enable QoS and apply a QoS profile on the service connection,
so that Prisma Access can shape the traffic at egress.
Prisma Access honors all DSCP marking from the on-premises device
as long as that traffic does not match an overriding security policy
on Prisma Access.