https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44676#M32793 <HTML><HEAD></HEAD><BODY><P>I have never had this problem so Im just guessing now <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P></P><P>Try to enable IDP for both directions (if you didnt already do so) along with antivirus controls, botnet detection, url categorization etc - simply enable all filtering features you can find along with logging for not only session end but also session start (the later I guess could saturate the mgmtplane before the dataplane).</P><P></P><P>And then its a matter of pushing traffic... if possible you could record a pcap file and then replay it using tcpreplay:</P><P></P><P><A class="jive-link-external-small" href="http://tcpreplay.synfin.net/">http://tcpreplay.synfin.net/</A></P><P></P><P>Edit: By the way according to a NSS Labs test enabling ALL features of PAN actually increased the throughput so I dunno... perhaps enabling just one feature will be worser for the dataplane than when everything is enabled? <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P></BODY></HTML> Mon, 12 Mar 2012 21:31:27 GMT mikand 2012-03-12T21:31:27Z https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44675#M32792 <HTML><HEAD></HEAD><BODY><P>Hi, every body!</P><P></P><P>I used Palo Alto - 500&nbsp; with version 4.0.1</P><P>On this device, Data plane CPU alway about 6-20%. I want to increase Data plane CPU on Pa-500 (4.0.1)</P><P>Please help me How to increase CPU up to 70-90% ???</P><P></P><P>Thanks all !!!</P></BODY></HTML> Mon, 12 Mar 2012 03:28:25 GMT https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44675#M32792 thenlee 2012-03-12T03:28:25Z https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44676#M32793 <HTML><HEAD></HEAD><BODY><P>I have never had this problem so Im just guessing now <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P></P><P>Try to enable IDP for both directions (if you didnt already do so) along with antivirus controls, botnet detection, url categorization etc - simply enable all filtering features you can find along with logging for not only session end but also session start (the later I guess could saturate the mgmtplane before the dataplane).</P><P></P><P>And then its a matter of pushing traffic... if possible you could record a pcap file and then replay it using tcpreplay:</P><P></P><P><A class="jive-link-external-small" href="http://tcpreplay.synfin.net/">http://tcpreplay.synfin.net/</A></P><P></P><P>Edit: By the way according to a NSS Labs test enabling ALL features of PAN actually increased the throughput so I dunno... perhaps enabling just one feature will be worser for the dataplane than when everything is enabled? <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P></BODY></HTML> Mon, 12 Mar 2012 21:31:27 GMT https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44676#M32793 mikand 2012-03-12T21:31:27Z https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44677#M32794 <HTML><HEAD></HEAD><BODY><P>Thanks for your reply, <A href="https://live.paloaltonetworks.com/people/mikand" id="jive-32451,975,960,496,462,901">mikand</A> !</P><P></P><P>I have never enable IDP before, I will try it.</P><P>Mgmt CPU on my device usually about 30-50% but Dataplane cpu only&nbsp; 6-20%.</P><P>I think that mgmt cpu didn't depend on dataplane</P></BODY></HTML> Tue, 13 Mar 2012 07:32:33 GMT https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44677#M32794 thenlee 2012-03-13T07:32:33Z https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44678#M32795 <HTML><HEAD></HEAD><BODY><P>Thats the idea of the mgmtplane vs dataplane in PAN.</P><P></P><P>The mgmtplane is a regular x86 cpu taking care of GUI, compiling configurations (when you click commit) and handle all the logs. Also for smaller models the mgmtplane will also take care of the on-the-fly generation of MITM certs for SSL-inspection.</P><P></P><P>The dataplane is a fpga/asic (depending on box) where all the traffic is being handled (and for (I think) 5xxx models includes on-the-fly generation of MITM certs for SSL-inspection).</P><P></P><P>This gives that even during a DDoS situation where the dataplane is maxed out your GUI should work without problems (depending on your logsettings etc since all the logs that the dataplane pukes out will be handled by the mgmtplane if you have setup to log stuff).</P><P></P><P>With that said having a high "cpu utilization" for the dataplane isnt really an issue until it hits the 100% mark and latency will start to occur.</P><P></P><P>Also the utilization doesnt seem to be linear either. Like if you with 2.500 concurrent sessions see 25% data-cpu it doesnt mean that the max limit will be 10.000 concurrent sessions but rather 20.000, 30.000 or so (just an example).</P></BODY></HTML> Tue, 13 Mar 2012 10:27:06 GMT https://live.paloaltonetworks.com/t5/general-topics/increase-data-plane-cpu-on-pa-500/m-p/44678#M32795 mikand 2012-03-13T10:27:06Z