This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Windows Remote Desktop Application Slow When Access Through PAN Firewall

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Windows Remote Desktop Application Slow When Access Through PAN Firewall

jeffhooi
Not applicable

‎11-30-2010 06:21 PM

Hi Guys,

I am experience some issue with the PA-500. I am having some slowness issue when users connect from remote site to HQ local server via remote desktop ( ms-rdp ) application and sometimes unable to connect or disconnected.

Policy rules are :  WAN - LAN Source any Destination 10.0.0.10 and 10.0.0.11 (server ip)  any  any profiles: none

That is the 1st rules.

I had tried to set the QoS for the ms-rdp application and which is still slow when i applied the QoS. Seems like the QoS is not working too.

When i physically bypass the PA-500, the ms-rdp was working fine and very fast.

Did anyone know what may cause this issue?

Software : PAN OS 3.1.6

Deployment mode : Transparent

WAN link : Load balancer on top bottom that support 3 WAN link (total of 10 Mbps link)

-Sam-

0 Likes Likes
2 REPLIES 2

pantac
L3 Networker

‎12-01-2010 09:29 AM

I would set up a capture on the palo alto device to stage at receive, transmit, drop, and firewall to see if the palo alto is forwarding the packet in a timely manner. also check to see if there were any packets dropped " show counter global filter delta yes | match drop
".  In a previous case we seen that  there's a large number of out-of-order frames on the local side, leading to retransmissions. we can modify these tcp settings with the following commands. " set deviceconfig setting tcp out-of-sync ignore  "
" set deviceconfig setting tcp drop-out-of-wnd no"

if you need help with any of the above please create a case via the support portal and an engineering will help debug further.

bjdraw
Not applicable
In response to pantac

‎12-06-2010 06:48 PM

I had this issue once and also blamed it on the PAN, only to discover that it was another hop along the way. In the end this netsh command on the RDP server fixed it.

netsh interface tcp set global autotuninglevel=disabled

Worth a shot as it can easily be turned back on.

0 Likes Likes
  • 5115 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks