Management CPU is 100%

Reply
Highlighted
L4 Transporter

Re: Management CPU is 100%

rk - we're waiting for the DHCP NACK fix to be backported before we upgrade to 4.1.11 or 4.1.12... we're waiting on 4.1.13 (assuming the DHCP fix makes it in) before we do the upgrade.

Highlighted
L1 Bithead

Re: Management CPU is 100%

I upgraded our failover 2050 to 4.1.12 this morning and the update appears to have solved the "sitting at 100%" problem. My management cpu is bouncing between 60 and 65% which is still high in my opinion, especially just for logging in, but I have noticed improved navigation speed.

Palo Alto Networks Guru

Re: Management CPU is 100%

Colp,

   I am very sorry to hear that you have had issues with the 2000 series management plane performance.  We have definitely grown our feature set and as we grow our feature set we have grown our QA and testing infrastructure.  We are continually working to improve our testing methodology and process. 

    That said, unfortunately, you currently have the our slowest management plane firewalls.  The 2000 series firewalls were designed years ago and we have heard the complaint about management performance.  We have been working hard on the software side to improve the commit time and navigation of the user interface.  The 5.0 release had many of these improvements, but to see major differences the hardware needed to get some horsepower.  The 3000 series mid range firewalls have approximately 400% more RAM and CPU performance as the 2000.  We are seeing commit times go down from many minutes to less than a minute.  The overall management experience is much improved. 

   I know that not everyone can upgrade the hardware because of budgets, but before you change vendors, please know that we are listening and working on solutions to your issues.  I continue to put a major effort into improving and optimizing the software.  However, if it is a possible for your organization, please evaluate one of our 3000 series.  I think you will find that we are making strides on the management performance side.  Thank you

Highlighted
L6 Presenter

Re: Management CPU is 100%

Also check with the supplier if a discount is possible for replacement of your 2000 boxes?

That is so you wont have to pay the full price of a new pair of 3000 boxes if you return the 2000 boxes at the same time.

The 500 series has a ram upgrade available (which lowered the commit times with about 30% or so according to posts in this forum) which unfortunately doesnt seem to be possible for the 2000 series.

Highlighted
L4 Transporter

Re: Management CPU is 100%

egearhart wrote:

... vote with your budget... change firewall vendors. Sad but true. Where I currently work, the Palo Alto QA missteps we have seen are causing us to seriously reevaluate our firewall strategy.

Trouble with that is finding another device which is as effective - the PAN filtering model is kinda like crack - one you've had it, it's damn hard to break the habit! :-)

Highlighted
L4 Transporter

Re: Management CPU is 100%

I hear you, and honestly I want PA to succeed. I like the "story" of the little guy with the game-changing and revolutionary ideas winning (as the oldest example i have of that, I got on board with Linux around 1998, when I was like... 15).

I just want them to improve the QA process, test these new features, and ultimately not make me look foolish for 'cheerleading' for them at work.

Highlighted
L4 Transporter

Re: Management CPU is 100%

egearhart wrote:

I hear you, and honestly I want PA to succeed. I like the "story" of the little guy with the game-changing and revolutionary ideas winning (as the oldest example i have of that, I got on board with Linux around 1998, when I was like... 15).

Youngster. :-)

egearhart wrote:

I just want them to improve the QA process, test these new features, and ultimately not make me look foolish for 'cheerleading' for them at work.

I'd like not to have to keep covering my arse by slipping upgrades in at 4 am in the hope that I can figure out if they've gone pear-shaped before everyone else gets here at 8.

Highlighted
L1 Bithead

Re: Management CPU is 100%

At the time of purchase (years ago), the 2050s weren't the slowest devices and the salesman & engineers that evaluated our operations deemed the 2000 series to be adequate to our needs. It appears as though the newer software (I'm on 4.1.12 now) , was designed beyond the limits of the 2000 series because the older versions (3.1.x) worked better for the  hardware. The feature set and abilities of the newer software is better and improved, and I greatly appreciate that fact, but it doesnt run fast on the older boxes like mine.

We are considering new series boxes and we will research other solutions as well, but I don't like the "fix it by investing large sums of money in a new mid grade box" mind set. Will the newer 3000 series be treated the same way in a couple of years? Our budget is not unlimited, we cannot chunk our old boxes and buy new ones every 2 or 3 years. I feel it would be a better design to be able to upgrade some of the hardware in the device, the 500 series can and I would've appreciated that functionality in my device too.

Highlighted
L4 Transporter

Re: Management CPU is 100%

Your response reflects 100% of what I was thinking when I saw the "just go buy 3000 series appliances!" response...

Highlighted
L4 Transporter

Re: Management CPU is 100%

darren.gibbs wrote:

I'd like not to have to keep covering my arse by slipping upgrades in at 4 am in the hope that I can figure out if they've gone pear-shaped before everyone else gets here at 8.

Yes, that too ^^

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!