Cloud performance ( I know the real answer is it depends )

L7 Applicator

Cloud performance ( I know the real answer is it depends )

Hello All,

Just curious what others have seen when it comes to performance/throughput of a cloud based PAN. My question is geared towards GlobalProtect and clients browsing off network, e.g. off network clients VPN into the cloud PAN and browse the internet that way instead of via the coporate one. 

 

Thanks in advance!

L5 Sessionator

Re: Cloud performance ( I know the real answer is it depends )

I don't believe there is a way to answer that because of the variables involved. If there is VPN to the cloud from corporate you have to consider

1. the bandwidth and throughput of the connection from Corporate into the Cloud

2. The bandwidth and through of the connection to the internet from the cloud

 

After you have considered that then comes the question of the type of traffic the customer will need to pass through the firewall. 

 

1. http, https smb?

2. What will the transaction sizes be?

 

As you can see there are too many variables to make a blanket statement saying that customers are seeing  a certain level of performance in those scenarios. 

L7 Applicator

Re: Cloud performance ( I know the real answer is it depends )

Yeah I couldnt agree more on your response. So let me rephrase the question a bit and see if the answers change. I'm trying to size a solution for end users to VPN into a cloud PAN just for web browsing, non corporate tasks. Looking at the published guide, VM-SERIES ON AMAZON WEB SERVICES, I see the following:

 

image.png

It seems that the test results for the vm-100 and 300 are the same so why pay the extra? I know they have different CPU/RAM specs and also the VM Instances are different. Just seeing if a vm-100 would work for 2K+ users performing casual web-browsing, nothing too bandwidth intensive.

 

Thoughts?

L0 Member

Re: Cloud performance ( I know the real answer is it depends )

Running into the same sizing issue with Azure, there is limited purpose to go for the higher models of Palo Alto VM500 / VM700 as the throughput is simply capped due to the limitations in running in the cloud. Only recomendation I can provide is to try a lower spec model VM100/VM300 aligned to the PA recomended hosting specicifactions and peform testing to see how it peforms. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!