FTP slow through PA-500

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FTP slow through PA-500

L0 Member

Hi,

We have our PA-500 set up as follows:

Ports 1 & 2 as VWire connected to our firewall with AV and malware scanning

Ports 3 & 4 as L3 for our user traffic, scanning AV and Malware and URL filtering

When a user uses FTP to send files to servers on our DMZ through the L3 connection they are only getting 2-300kbp/s throughput, but if they use the VWire, the transfer rate is 20 Mb/s upwards to our DMZ.

We have tried several FTP clients, and also added specific FTP policy rules with destination set etc, with no scanning of traffic, but it does not make any difference.

Is there a way to increase this specific FTP traffic to the DMZ ?

Any help would be appreciated.

Thanks

Lee Hancock

4 REPLIES 4

Not applicable

Hi Lee, and PA Support Team,

I have additional informations.

I tested FTP through put with AntiVirus.

Device : PA-4060

- OS : 3.1.2

- Application : 217-785

- AntiVirus : 341-427

- InterfaceMode : L3

Server : Windows2008R2

Client : Windows7 64bit

- FTP client : FileZilla3.3.0

Through Put

- no AV FTP get : 465.1Mbps

- AV FTP get : 452.0Mbps

- no AV FTP put : 500.0Mbps

- AV FTP put : 62.8Mbps

It seems the same issue with the Lee's one.

I'll get a tech-support and open a new case.

Thank you,

Tomoyuki Komure

Not applicable

Most of the issues ive had with slow large file downloads (ftp, update, etc etc) have been simple port speed / duplex miss-matches

This seems to an issue when in Vwire mode!

Hi djmac,

I didn't think of that!!, I've gone through and checked the connections and it was connecting to our DMZ at only 100Mb.

I've now made changes to the networking side, etc, and set the Palo Alto connections to 1000 Mb/s Full Duplex.

I've tested FTP again and the transfer rate through the Palo Alto L3 connection is now 20-40 Mb/s, which is satifactory for the relevant users, although to a server still at 100 Mb connection in our DMZ (can't replace DMZ switches for full Gigabit yet !!) it's FTP transfer was 3-8 Mb/s.

I'm going to do some more testing through the VWire connection, but would be interested in others advice about this.

Lee

Funny thing is we had a similar thing happen with MSUPDATES and the Palo software update.  It seems the mismatch only becomes an issue when the link is loaded. We also find this happen more with HP switches.
  • 5719 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!