https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19916#M14521 <HTML><HEAD></HEAD><BODY><P>Hello Hartkently,</P><P></P><P>There is no direct command to show the threat prevention throughput because it is basically just throughput of the device with some default profiles like AV, anti-spyware, vulnerability protection etc. This value has already been calculated and published at <A href="https://www.paloaltonetworks.com/products/product-selection.html" title="https://www.paloaltonetworks.com/products/product-selection.html">Product Selection</A></P><P></P><P>It is best to see the throughput of the device itself with the command "show system statistics session" which tells the current throughput value under operating conditions with your configuration subject to the amount of traffic going through firewall at that moment.</P><P></P><P>To improve performance you may disable DSRI <SPAN style="font-size: 10pt; line-height: 1.5em;">or Disable Server </SPAN>Response Inspection. With DSRI turned on, server response traffic is not inspected, which will increase the throughput capacity. Obviously, enabling this feature is only recommended for trusted servers. References: </P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3094">Threat Prevention Deployment Tech Note</A></P><P><A href="https://live.paloaltonetworks.com/message/12876">Threat Prevention Throughput</A></P><P></P><P>Let us know if you have any questions.</P><P></P><P>Regards,</P><P>Dileep</P></BODY></HTML> Thu, 24 Jul 2014 23:14:07 GMT dreputi 2014-07-24T23:14:07Z https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19912#M14517 <HTML><HEAD></HEAD><BODY><P>hello,</P><P></P><P>I would like to seek your help in determining the exact threat prevention through of a specific deployed PA machine.</P><P>I've been going around the forum and checking tech guides but i couldn't find one.</P><P>This for the reason of right sizing and to verify if a machine deployed could still be able to handle the network traffic.</P><P>Or if you have any suggestion on this, that would help us a lot.</P><P></P><P>Thank you very much!</P><P></P><P>Regards,</P><P>Hartkently</P></BODY></HTML> Thu, 24 Jul 2014 02:52:23 GMT https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19912#M14517 HartkentlyNua 2014-07-24T02:52:23Z https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19913#M14518 <HTML><HEAD></HEAD><BODY><P>You may get related information from <SPAN class="GINGER_SOFTWARE_mark">mentioned</SPAN> link: <A href="https://www.paloaltonetworks.com/products/product-selection.html" title="https://www.paloaltonetworks.com/products/product-selection.html">Product Selection</A></P><P></P><P>Thanks</P></BODY></HTML> Thu, 24 Jul 2014 06:49:29 GMT https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19913#M14518 HULK 2014-07-24T06:49:29Z https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19914#M14519 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thank you for that information. but that is not exactly what we're looking for, but thank you for giving this info.</P><P>What i meant is the actual running threat prevention that is being consumed by a network on a PA device.</P><P>Is there a CLI Command for this? or a way to somehow verify its data.</P><P></P><P>Sorry for the misleading information.</P><P></P><P>Thank you.</P><P></P><P>regards,</P><P>Hartkently</P></BODY></HTML> Thu, 24 Jul 2014 07:49:18 GMT https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19914#M14519 HartkentlyNua 2014-07-24T07:49:18Z https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19915#M14520 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt; line-height: 1.5em;">Hello </SPAN><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">Hartkently</SPAN><SPAN style="font-size: 10pt; line-height: 1.5em;">,</SPAN></P><P>You could check the current throughput of the PAN firewall with below mentioned CLI command:</P><P></P><P>&gt; <SPAN class="GINGER_SOFTWARE_mark">show</SPAN> system statistics session&nbsp;&nbsp; &gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt; It will show you the current session statistics <SPAN class="GINGER_SOFTWARE_mark">( </SPAN>throughput)</P><P></P><P><SPAN class="GINGER_SOFTWARE_mark">Device</SPAN> is up<SPAN class="GINGER_SOFTWARE_mark">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :</SPAN> 6 days 5 hours 5 mins 25 <SPAN class="GINGER_SOFTWARE_mark">sec</SPAN></P><P>Packet rate<SPAN class="GINGER_SOFTWARE_mark">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :</SPAN> 52/s</P><P>Throughput<SPAN class="GINGER_SOFTWARE_mark">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :</SPAN> 302 Kbps &gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt; Runtime value</P><P>Total active sessions<SPAN class="GINGER_SOFTWARE_mark"> :</SPAN> 5</P><P>Active TCP sessions<SPAN class="GINGER_SOFTWARE_mark">&nbsp;&nbsp; :</SPAN> 0</P><P>Active UDP sessions<SPAN class="GINGER_SOFTWARE_mark">&nbsp;&nbsp; :</SPAN> 5</P><P>Active ICMP sessions<SPAN class="GINGER_SOFTWARE_mark">&nbsp; :</SPAN> 0</P><P></P><P>Let me know<SPAN class="GINGER_SOFTWARE_mark">,</SPAN>if&nbsp; this is what you are looking for.</P><P></P><P>Thanks</P></BODY></HTML> Thu, 24 Jul 2014 07:59:56 GMT https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19915#M14520 HULK 2014-07-24T07:59:56Z https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19916#M14521 <HTML><HEAD></HEAD><BODY><P>Hello Hartkently,</P><P></P><P>There is no direct command to show the threat prevention throughput because it is basically just throughput of the device with some default profiles like AV, anti-spyware, vulnerability protection etc. This value has already been calculated and published at <A href="https://www.paloaltonetworks.com/products/product-selection.html" title="https://www.paloaltonetworks.com/products/product-selection.html">Product Selection</A></P><P></P><P>It is best to see the throughput of the device itself with the command "show system statistics session" which tells the current throughput value under operating conditions with your configuration subject to the amount of traffic going through firewall at that moment.</P><P></P><P>To improve performance you may disable DSRI <SPAN style="font-size: 10pt; line-height: 1.5em;">or Disable Server </SPAN>Response Inspection. With DSRI turned on, server response traffic is not inspected, which will increase the throughput capacity. Obviously, enabling this feature is only recommended for trusted servers. References: </P><P><A href="https://live.paloaltonetworks.com/docs/DOC-3094">Threat Prevention Deployment Tech Note</A></P><P><A href="https://live.paloaltonetworks.com/message/12876">Threat Prevention Throughput</A></P><P></P><P>Let us know if you have any questions.</P><P></P><P>Regards,</P><P>Dileep</P></BODY></HTML> Thu, 24 Jul 2014 23:14:07 GMT https://live.paloaltonetworks.com/t5/general-topics/how-do-you-verify-the-threat-prevention-throughput/m-p/19916#M14521 dreputi 2014-07-24T23:14:07Z