For details on cookie usage on our site, read our Privacy Policy
Performance issues over internet speed from firewall
- LIVEcommunity
- Discussions
- Best Practice Assessment Discussions
- Performance issues over internet speed from firewall
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Performance issues over internet speed from firewall
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-26-2022 11:38 PM
We have PA-220 box installed fresh, at from the start itself the box reaching 30 to 40K session and the MP/DP plane hitting above 40-60%. the users are facing drops in network over g meet (especially the most) and other video conference applications saying poor network inbetween calls and when checking the firewall with any rule still the issue appears and when some user the using full bandwidth of isp i also face a slow or random packet drop in between. anybody suggest where to look and what to do???
Regards
SM
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-27-2022 09:22 PM - edited 06-09-2022 05:43 PM
Hi @CredAvenue ,
What PAN-OS version are you running? There is a known bug that PA-220 firewalls experience slower web interface and CLI performance times with 10.0 and 10.1.
I have never seen it impact the data plane on my PA-220. My PA-220 runs hot (sometimes 100%) on the MP but cool on the DP, but I don't have 30-40K sessions. The max sessions for the PA-220 is 64K. Strange that I don't see the bug for 10.2. Does that mean that it is fixed?
Here are some good articles for troubleshooting high CPU. I would fix the DP 1st.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRTCA0
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSvCAK
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleLCAS
Finally, Monitor > App Scope > Network Monitor can be very useful for viewing traffic load and quickly identifying excessive applications. Removing Security Profiles from the rule or using Application Override may decrease load for heavy but "safe" applications such as backups to/from your backup server.
Thanks,
Tom
Edit: I upgraded my PA-220 to 10.2 and it was slower. I downgraded it back to 10.1.
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-02-2022 04:57 AM
Hi Tom
PAN OS version we are using 10.0.10 and the packets dropping issue is still persists...
Regards
Sridhar Mohan
- Mark as New
- Subscribe to RSS Feed
- Permalink
06-09-2022 08:42 AM
Hello,
I hate to say it but you might be exceeding the hardware on that little device :(.
https://www.paloaltonetworks.com/products/product-comparison?chosen=pa-220,pa-820,pa-450
You could try tuning it and or turning off features.
Netflow is one that eats up a lot so does decryption. However you are losing visibility when you do :(.
Regards,
- Mark as New
- Subscribe to RSS Feed
- Permalink
08-02-2022 12:50 AM
Yes team
The PA-220 does not match our performance needs...
- How To Be Updated With The Valid Reasons Why AOL Mail Not Receiving Emails? in General Topics
- Advanced threat protection_Deep Learning in Next-Generation Firewall Discussions
- Palo Alto with MDM DNS Filtering in General Topics
- Slow File Downloads over a new PA3220 in General Topics
- Firewall Unable to connect to ISP Router in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
