High Packet Rate / Throughput

cancel
Showing results for 
Search instead for 
Did you mean: 

High Packet Rate / Throughput

Not applicable

PA2020 4.1.14, 500 users. Recently we have added ~100 more users to our PA2020 and are seeing huge slow-downs for internet. Session stats show our device has a high packet rate and through put. We have been advised that~20,000 packet rate / 120 mb throughput are the limits and anything encroaching 80% of the limit will result in a slow down.

Device is up          : 1 day 14 hours 3 mins 38 sec

Packet rate           : 34580/s

Throughput            : 115023 Kbps

Total active sessions : 8801

Active TCP sessions   : 8644

Active UDP sessions   : 33

Active ICMP sessions  : 0

Any suggestions on how to further troubleshoot whether a specific user/rule is responsible or - grabs straws - ANYTHING else I can work through?

4 REPLIES 4

L3 Networker

Some things you can do to reduce the load on the Palo Alto and improve performance.

1) Reduce logging on certain security policies which pass trusted traffic (i.e. internal DNS, internal web server).  If you don't have rules specifically for that traffic create them and turn off the logging.

2) Create application overrides for trusted traffic (i.e. internal DNS, internal web server).  This will reduce the load on the content inspection engine.

3) Look for large amounts of small packets such as high ping rates from monitoring devices.

Also check to make sure log at session start is not checked.

Check the ACC tab and see what app has the most sessions then follow step 1 from JimS2.

Not applicable

Delayed reply..

Thanks for the suggestions. After having a PA engineer look at the device they concluded that the device was just not up to the job for us. The logging was minimal on policies but the sessions were just too high. We swapped out for the (much better) 3020s and the problem has gone.

Thanks again.

What CLI commands should we be using to manage/monitor the effect as we make these changes?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!