Using PA-200 for home internet router?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Using PA-200 for home internet router?

L4 Transporter

Hello folks,

 

I recently bought a used PA-200 software version 6.1.4 for learning and testing purposes. 

I replace my home Linksys with the PA-200 following this article to configure.

https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-Up-the-PA-200-for-Home-and-Small...

 

It's working.  However, I notice that the internet is somewhat slower, loading web pages, etc.

Is this expected?  Extra traffic processing, etc?

 

Curious if there are tips or best practice that could make a difference here?

 

Thanks!

1 accepted solution

Accepted Solutions

L3 Networker

HI There, 

 

Try to narrow it down.. 

is it slow dns response ? change the dns server from what ever is is to 8.8.8.8. If it is 8.8.8.8 change it to what the ISP provide. 

 

switch off threat, url filtering & data filtering if on and test the speed with and without it on

 

monitor the dashboard when testing for the dp and mp readings - on pa-200 these are closer linked than other models 

 

the version testing with is wee bit dated, try put your hand to at least the lasted release on 6.1 

 

factory reset if not done before you purchased .. better to start with a fresh unit always

 

best regards 

 

RD 

View solution in original post

9 REPLIES 9

L2 Linker

Make sure your link settings are set to auto (Network > Interfaces > 'ethernet1/x' > Advanced > Link Settings). Make sure your not decrypting your trusted traffic.

 

- JD 

Thank you for responding!

I checked both interfaces (external/internal) and both link settings are all auto.

Not sure how to tell if decrypting traffice on trust.

 

If you have any other comments let me know, will close thread soon.

 

Thanks!

If you don't recall setting it up then you likely are not decrypting as it's a little bit more of an involved process. The PA-200 really shouldn't affect your overall traffic speed that much. Overall though this would also depend on how much traffic you are processing, if your decrypting traffic, what security policies and such you have configured on the device, and what exactly you were running with before.

I imagine that you are noticing the small delay because your old router wasn't doing anything but processing your traffic, when you put an actual firewall infront of all your devices it would be normal to measure a slight delay, usually it isn't something that you would notice on a consumer link though. 

L3 Networker

HI There, 

 

Try to narrow it down.. 

is it slow dns response ? change the dns server from what ever is is to 8.8.8.8. If it is 8.8.8.8 change it to what the ISP provide. 

 

switch off threat, url filtering & data filtering if on and test the speed with and without it on

 

monitor the dashboard when testing for the dp and mp readings - on pa-200 these are closer linked than other models 

 

the version testing with is wee bit dated, try put your hand to at least the lasted release on 6.1 

 

factory reset if not done before you purchased .. better to start with a fresh unit always

 

best regards 

 

RD 

L6 Presenter

Agreed with all comments. Test with the cable connected to your router switch port with your laptop, where  (as people mentioned earlier) create a simple policy with any any (no profiles) allow all to the Untrust zone. Tweak the DNS (remember you cannot use firewall as a DNS server for your clients). If you configure your DHCP server on Palo to use its IP as a first (primary DNS) and secondary any other this could slow down you DNS requests first DNS server will fail to response and client should use/try a secondary but it will be some delays hence slowness. Cannot think of anything else that could slow your traffic fom the firewall side. 

I run a PA-200 at home as well and have not come across any performance issues.  I'm on PAN-OS 7.1.something.

L1 Bithead

OMatlock can you PM ME

 

 

i followed that article "somewhat" 

 

along with videos and other stuff and what I do its not working

 

i know I am missing a checkbox or something.

 

also for the ippool subnet i dont have that tab. I am on palo alto 5.0.12

Hey,

 

Need a bit more details (current topology, screenshot ect). FYI 5.0.X reached EoL:

 

https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary

 

I am thinking of uploading config file ....

  • 1 accepted solution
  • 6604 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!