09-06-2011 09:42 AM
Hi,
PA2020
to make a change and use "commit" takes about 2 to 3 minutes, I make many changes a day and I traceback, why take so long, is it bad configuration or pa2020 is normal?
regards
Arturo Vázquez Figueroa
09-06-2011 11:43 AM
not depend on size, I have 20 rules and only 100 users always takes the same time or longer, but just add a single user
Arturo
09-06-2011 02:35 PM
Hi,
I have the same issue with PA2020 4.0.4 version (5-6 minutes of boredom). I tried with the new 3.1.10 and works fine, we have to wait for tech support response or try with the new 4.0.5...
Bye
09-06-2011 06:35 PM
From my experience.. yes committing changes always takes a long time.. my understanding is that when committing changes you are essentially reprogramming all the FPGA's on the device.. this is unfortunately a slow process.. but once complete its what enables the PA firewall to process data/traffic at super high speeds (as most EVERYTHING is been done in hardware).. As opposed to normal firewalls which have hardcoded ASICS which can only offload some of the tasks whilst the rest is handled by the CPU.
If you've never done an OS upgrade on PA firewall yet.. hmm.. well be prepared for a very long wait for it to come back after the reboot (sometimes ~20mins+).. especially when going between major versions (eg. 3.x-4.x).. same deal.
09-06-2011 07:08 PM
Rumor has it that one of the major improvements in 4.1.x when it releases is speed improvements to the GUI and possibly to commit as well.
But yes, it's slow. It's the tradeoff. I'll gladly take it for a device that is far better than everything else on the market.
Why are you adding users to the firewall, you have no other LDAP/directory infrastructure? Much easier to add people to that directory and have the PAN access LDAP/ActiveDirectory instead.
09-15-2011 09:42 AM
The speed (or lack thereof) in the management GUI is ridiculous.
Adding a single rule is a 10-15min process on our PA-2050 boxes running 4.0.4. I love the feature set, but adding a single rule on our old PIX was about a 30 second process.
It's going to be a nightmare troubleshoot connectivity issues if I have to wait 10 minutes to test every change. I really hope this can be sped up in the next release, if not I'm going to regret this purchase.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
