PA2020 4.1.14, 500 users. Recently we have added ~100 more users to our PA2020 and are seeing huge slow-downs for internet. Session stats show our device has a high packet rate and through put. We have been advised that~20,000 packet rate / 120 mb throughput are the limits and anything encroaching 80% of the limit will result in a slow down.
Device is up : 1 day 14 hours 3 mins 38 sec
Packet rate : 34580/s
Throughput : 115023 Kbps
Total active sessions : 8801
Active TCP sessions : 8644
Active UDP sessions : 33
Active ICMP sessions : 0
Any suggestions on how to further troubleshoot whether a specific user/rule is responsible or - grabs straws - ANYTHING else I can work through?
Some things you can do to reduce the load on the Palo Alto and improve performance.
1) Reduce logging on certain security policies which pass trusted traffic (i.e. internal DNS, internal web server). If you don't have rules specifically for that traffic create them and turn off the logging.
2) Create application overrides for trusted traffic (i.e. internal DNS, internal web server). This will reduce the load on the content inspection engine.
3) Look for large amounts of small packets such as high ping rates from monitoring devices.
Thanks for the suggestions. After having a PA engineer look at the device they concluded that the device was just not up to the job for us. The logging was minimal on policies but the sessions were just too high. We swapped out for the (much better) 3020s and the problem has gone.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!