Skip to content

feat(specs): Add spec, tests and examples for panos_qos_policy #681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: feat-add-devices
Choose a base branch
from
Open

feat(specs): Add spec, tests and examples for panos_qos_policy #681

wants to merge 1 commit into from

Conversation

@kklimonda-cl
Copy link
Contributor

@kklimonda-cl kklimonda-cl commented Nov 28, 2025

Add QoS Policy Resource

This PR adds support for QoS (Quality of Service) policy configuration in PAN-OS.

Terraform Resources

  • panos_qos_policy - Manages the entire QoS policy
  • panos_qos_policy_rules - Manages a subset of QoS policy rules

Parameters with Terraform Overrides

Parameters that have been renamed or have type overrides in Terraform:

Spec Name Terraform Name Type Override Description
application applications set Applications to match
destination destination_addresses set Destination addresses to match
from source_zones set Source zones to match
service services set Services to match
source source_addresses set Source addresses to match
source-user source_users set Source users to match
to destination_zones set Destination zones to match
uuid uuid (private) Entry UUID value

Standard Parameters

Parameters without overrides:

Parameter Type Description
name string Rule name
action object Classification action with QoS class (1-8)
category list URL categories to match
description string Rule description (max 1024 chars)
destination_hip list Destination HIP profiles
disabled bool Disable the rule
dscp_tos object DSCP/TOS marking configuration (see variants below)
group_tag string Group tag (max 127 chars)
negate_destination bool Negate destination match
negate_source bool Negate source match
schedule string Schedule name
source_hip list Source HIP profiles
tag list Administrative tags
target object Target devices and vsys

DSCP/TOS Variants

The dscp_tos parameter supports the following mutually exclusive variants:

  • any - Match any DSCP/TOS codepoint
  • codepoints - List of named codepoint configurations with the following types:
    • ef - Expedited Forwarding (EF) with value ef
    • af - Assured Forwarding (AF) with values af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43
    • cs - Class Selector (CS) with values cs0-cs7
    • tos - IP Precedence (ToS) with values cs0-cs7
    • custom - Custom codepoint with name and 6-bit binary value

Locations

Supports the following location types:

  • shared - Shared rulebase (Panorama/NGFW)
  • vsys - NGFW vsys-specific rulebase
  • device_group - Panorama device group rulebase

@kklimonda-cl kklimonda-cl linked an issue Nov 28, 2025 that may be closed by this pull request
QoS Policy #682
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

QoS Policy

2 participants

@kklimonda-cl