An administrator is receiving complaints about application performance degradation. After checking the ACC, the administrator observes that there is an excessive amount of VoIP traffic.
Which three elements should the administrator configure to address this issue? (Choose three.)
To address the issue of excessive VoIP traffic affecting application performance, the administrator should implement a QoS policy for each application in order to categorize and manage traffic effectively. A QoS profile defining traffic classes is necessary to classify and allocate bandwidth for different types of traffic, ensuring that VoIP traffic receives appropriate priority and resources. Finally, QoS must be applied on the egress interfaces to enforce the defined policies and profiles, as QoS on the egress interface is where traffic shaping and prioritization actually occur.
A - QOS policy for apps you want to match B - nothing to do with QOS. This is a QOS question. C - QOS profile identifying each class D - trick. You can’t apply QOS to an ingress interface. QOS is applied as the packet egresses the firewall, after all other processing. This is not possible. E - Apply QOS on the interfaces you want. Google Palo Alto QOS and it’s all right there. Don’t have time to publish the link but it’s likely been posted below.
I see many people confusing inbound/outbound with ingress/egress, and QoS is only applied to the egress interface. >>> https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/quality-of-service/qos-overview "QoS implementation on a Palo Alto Networks firewall begins with three primary configuration components that support a full QoS solution: a QoS Profile, a QoS Policy, and setting up the QoS Egress Interface. Each of these options in the QoS configuration task facilitate a broader process that optimizes and prioritizes the traffic flow and allocates and ensures bandwidth according to configurable parameters."
>>> https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/quality-of-service/qos-concepts/qos-egress-interface#idc9fa64aa-fe7d-4cb6-ae6a-0a084d5d8bd1 "Because QoS is enforced on traffic as it egresses the firewall, your QoS policy rule is applied to traffic after the firewall has enforced all other security policy rules, including Network Address Translation (NAT) rules."
Apps/traffic that QoS will apply to needs to be identified with QoS policy. Profile will classify traffic and apply bandwidths. QoS is always applied to egress interface(s). Pay attention to answer E. QoS on the egress interface for the traffic flows <------ it says "for traffic flows" (not flow-it's plural). Session is two flows...from client/initiator to responder/server is one flow and return traffic from responder/server to client/initiator is second flow. For traffic from client to server egress interface will usually be external facing interface. For return traffic from server to client egress interface will be other, usually internal facing interface. They are both egress interfaces depending on the direction of the traffic. So I think A, C, E are correct answers. Don't confuse inbound and outbound traffic direction with ingress and egress interfaces. QoS is applied on egress interface.
CDE according to this: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/quality-of-service/qos-use-cases/use-case-qos-for-voice-and-video-applications
"Because the admin wants to guarantee QoS to both incoming and outgoing network traffic, he will enable QoS on both the firewall’s internal- and external-facing interfaces."
On the 1/23/24 exam
My input ACE: " The ingress interface for QoS traffic is the interface on which the traffic enters the firewall. The egress interface for QoS traffic is the interface that traffic leaves the firewall from. QoS is always enabled and enforced on the egress interface for a traffic flow. The egress interface in a QoS configuration can either be the external- or internal-facing interface of the firewall, depending on the flow of the traffic receiving QoS treatment." src: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/quality-of-service/qos-concepts/qos-egress-interface A - Possible to setup B - Nothing to do with QoS C - Possible to setup D - Not Possible - Can only configure QoS on an egress interface - See Above E - Possible to setup Also see comment from sov4 Link provided by TeXJ talks about incoming / outgoing communications, Not about ingress / egress interfaces for QoS.
I agree with TeXJ. According to the documentation he links to, this is exactly how Palo says to configure QoS for VoIP. The question still isn't specific on the Applications affected. But assuming it's voip / video, this makes the most sense.
The answer is BCD
I agree. People voting A, are you aware of the high volumen of apps passing through the firewall?
QOS is a three step process: Step 1: Create QOS Profile- Network>QOS Profile. Here define class, priority, egress max and egress guaranteed. Step 2: Create QOS: Network>QOS. Here define Egress Interface. Step 3: Create QOS Policy: Here you can define application.
A, C and E
I guess that answer is B, C, D. B: Sometimes, ALG (Application Layer Gateway) in a SIP (Session Initiation Protocol) application can cause problems with VoIP devices, making them connect and disconnect every few seconds. If you don't want to tamper with the ALG of the SIP application, you can always configure an app-override policy for the networks of VoIP devices that are experiencing issues. With this approach, you can reduce the volume of VoIP traffic by avoiding sudden disconnections and their subsequent connection attempts. C: To monitor the bandwidth consumed by VoIP applications (SIP and RTP), you can configure a Quality of Service (QoS) profile and define a class for these applications. D: To view the bandwidth consumed by VoIP applications (SIP and RTP), you need to enable QoS on the input interface to be able to see QoS statistics and monitor in real-time the bandwidth used by these applications. If the volume is consistent, you can always configure a maximum bandwidth and guarantee a minimum bandwidth for this traffic.
As per TeXJ link shared.
Yes, should be CDE
I don't need to explain anything. It's explained on another same question, Q475. PLease go and check. We only need to configure qos, then profile, policy and egress.
How are you supposed to setup QOS for each application? There are probably hundreds of apps passing through the firewall. I can't see how that makes sense. Maybe I am misunderstanding something.
the question you reference has nothing to do with this question except for the mention of VOIP.
Answer is ACE