Device Model: PA-5220 HA Mode Active-standby
The questions below as I couldn't find anything on Palo Alto website.
Recently we have upgraded Palo Alto to v10.0.0.
1. Web management interface became very slow and searching logs takes very long time to load.
Kindly advise if there’s any solution for that. Can we disable services of some added unused features, like SDWAN or IoT? Or is there any work-around to make it faster?
2. Integration with ArcSight Syslog server is not working well as logs are not parsed correctly.
Seems the raw data format sent from Palo Alto changed in this version. Kindly advise how to fix this.
Can we change the format to be similar to 9.0.x or 9.1.x format?
I was reading the 10.1.5 release notes that came out. Some mention around logging and possibly improvements but does not give too much specifics. I will possibly update to 10.1.5 and let you know.
PAN-186725 - "Fixed an issue where index creation failed when Elasticsearch attempted to create a new index with a duplicate index name"
PAN-186516 - "Fixed an issue where log queries that included WildFire submission logs returned more slowly than expected"
PAN-184076 - "Fixed an issue on the firewall web interface where logs were delayed when querying for logs."
Hello, I have the same Monitor Log tab slowness on a Panorama VM after upgrading from PAN-OS 10.0.10 to PAN-OS 10.1.6. I haven't yet upgraded the managed devices (physical and VMs). The PAN-OS 10.1 is not minimally reliable at all and I'm very worried too because PAN-OS 10.0.x EOL it's so close. I don't know if the Bugs founded in the Release Notes by @SpiroKU were fixed just for PA devices and not for Panorama.
I've opened a case with TAC but after a week they haven't found a fix.
So update from me, upgraded to 10.1.5-H2. I mean, the logging seems slightly better but cant say it performs the same way as it did in PANOS 9.1 which is a shame. Also I have stopped relying on any data past 5 days. In addition, 10.1.5-H2 seems to have broken the global find where you expand objects, or well at least for me, and the generate certificate in the certificate store seems to place it in the wrong location in the running config (case opened with Palo Alto).
So, while it may be that upgrading fixes one thing, it breaks another. Wish I could downgrade but Palo Alto forces you to use 10.1 if you want Advanced URL filtering which too still shows as "License required for URL Filtering to function".
Has anyone had any luck with this? We are still struggling through but this seriously impacts our ability to work effectively. We're currently on 10.1.6-h6 but this has been going on since we upgraded into the 10.1 chain. We sometimes have to wait for 10 minutes before a search will complete. That's unacceptable, especially when you're in a troubleshooting call with multiple parties trying to find an issue.
Has anyone found any relief in later revisions of code?
If you have 220 or 850, you never getting this performance back. The Octane Processors used on those hardware are so slow. If you have something larger bigger, Go to new preferred release 10.1.9h3, its much better.
If you talking about Panorama make sure after the upgrade you changed System disk to 224G instead of 81G. This was huge fix for us. Ref: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/set-up-panorama/set-up-the-panorama-vi...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!