PA5050 device with PANOS 4.0.2 in L3 mode:
- A single interface AE1 is created (6x physical interfaces in LAG);
- 100 L3 subinterfaces with VLAN tags are created on interface AE1;
- The device has one rule "allow all" (test environment) with profiles SPYWARE, AV, VULER, URL, DATAFILTER - all in logging mode.
The device works fine with one exception. Transferring files using ms-smb is very slow. The maximum transfer rate achieved was about 12Mbps. Downloading the same file without the PA is about 8x faster. The device in the test environment is loaded with approximately 500Mbps and maintains about 20,000 TCP/UDP sessions. This is not a lot for a PA5050.
The problem occurs with profiles attached as well as in normal mode (application firewall only) without profiles enabled.
How can I solve this problem?
Generally speaking SMB is a very chatty protocol, so payload throughputs are not reflective of the actual bandwidth in use. I think ultimately you may want to call support on it, but here are a couple of thoughts that might help you identify the source of the issue:
1. First off, I think you should upgrade to 4.0.3 if you can, as there were generally a lot of fixes included in that release.
2. Try creating a rule above your "allow all" rule based on source and destination specifically for this traffic. Within this rule I would try turning off security profiles and see if there's a change.
3. Also in your new rule, try enabling DSRI (disable server response inspection) to see if that helps. Since you likely trust your servers, this would cut your inspection burden down, which could improve your performance.
4. Try creating an App Override policy and see the effects there.
If you still have issues after that, I'd give support a call to troubleshoot further!
Thank you for your reply.
Tests on version 4.0.2:
1. I created a specific rule for smb and turned off security profiles - no change.
2. I turned on the DSRI function for this rule - no change.
3. I created an App Override rule for the specified traffic - no change.
Next I made the upgrade to version 4.0.3 and have done the same tests:
1. Rule without profiles - no change.
2. The rule with DSRI feature enabled - no change.
3. App override rule for the specific traffic (with reference to the custom app on ports 137-139,445 tcp / udp) - transfer increased about 3x.
The last action definitely accelerated file transfers, but it is still about 10Mbps less than expected. Fortunately, employees can now work effectively on remote resources.
Is there a problem with the definition of the ms-smb application in the signatures? Is this a hardware problem of the PA5000 series? I've worked with all series of PA firewalls (PA500, PA2020, PA2050, PA4020, PA4050 and now PA5050) and this is the first time it has happened.
Message was edited by: darkfibre