limitation on QoS when using loopback interface for GlobalProtect Portal/Gateway interface

limitation on QoS when using loopback interface for GlobalProtect Portal/Gateway interface

7744
Created On 04/18/20 00:12 AM - Last Modified 12/11/20 17:45 PM


Symptom


Loopback interface is often used to configure GlobalProtect Portal/Gateway. If QoS is configured on the physical interface for GlobalProtect traffic, the tunnel traffic is observed as bypass-traffic.

Environment


  • PAN-OS 8.1 and above.
  • Palo Alto Firewall.
  • GlobalProtect Portal and Gateway configured on Loopback Interface.

Cause


Currently, QoS is only applicable to a physical interface.  When creating a QoS setting (GUI: Network > QoS > Add), only Ethernet and Aggregated Interface can be selected.  With GlobalProtect tunnel traffic terminated on the loopback interface, QoS would not be able to process that like it would through the physical interface.

Resolution


Configure GlobalProtect using the physical interface, if applying QoS is necessary.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPh3CAG&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language