This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PA-200 configuration for low bandwidth site

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA-200 configuration for low bandwidth site

rmilman
Not applicable

‎09-03-2014 12:14 PM

Hi there,

We have a PA-200 recently deployed at a low bandwidth field site. Monitoring the traffic shows the majority of traffic is from the PA-200 itself, checking for updates, Panorama, Wildfire, etc. Is there a way to configure a PA-200 to only perform this on a scheduled basis? Right now it's transferring about 400Mb per day, which puts it way out at the top of all the traffic reports. I'd really like to quieten it down a lot.

Thanks,

Rob

Labels:
0 Likes Likes
5 REPLIES 5

bat
L5 Sessionator

‎09-03-2014 12:18 PM

Hi rmilman

You can schedule Dynamic updates through WebGUI by going to Device > Dynamic Updates.


Also the following documents can be helpful:

How to Determine the Update Schedule for Licensed Features

Tips for Managing Content Updates

Thanks

HULK
L7 Applicator

‎09-03-2014 12:31 PM

Hello rmilman,

Could you please let us know if you have configured any schedule for Wildfire and antivirus. Because, these 2 feature are having the option to get updates every 1 Hr.

First, if you have configured a file blocking profile with action "forward" ( send to wildfire), the suspicious file will be sent to the cloud for analysis, it will take enough bandwidth on your PAN firewall. Secondly, if you are using URL filtering profiles on a security policy and the destination URL's are not available on the Local-DB, the PAN firewall will send the query every time to the Cloud-DB.

Hope this will helps.

Thnaks

hshah
L6 Presenter

‎09-03-2014 12:31 PM

Hi Rmilman,

PANW firewall will contact wildfire whenever you exchange file across firewall. If file is unknown to wildfire than communication is bigger, if its known than small. You shouldnt disable this behavior else its a security hole.

Now, You can schedule other content updates like antivirus, threat and application. You can schedule them weekly or daily basis depending upon requirement. Do it for night 3:00 AM when traffic is minimum. Follow bellow instructions for the same.

Schedule Update.png

Regards,

Hardik Shah

0 Likes Likes

HULK
L7 Applicator

‎09-03-2014 12:36 PM

Since your primary requirement is to reduce the bandwidth utilization, i would suggest you to schedule it once in a week (preferably on Sunday/ non-business hours)

Thanks

mivaldi
L7 Applicator

‎09-03-2014 03:44 PM

Mind that the firewall updates are protecting your network, so I would think that is actually... a good thing.

If you are concerned about saturation, you should explore QoS, and give the Palo Alto Networks firewall updates traffic lesser priority.

See QoS in PAN-OS 4.1

Having that said, I would advise against expanding the update schedule, and in favor of correctly prioritizing your traffic.

Best regards,

Mariano Ivaldi

0 Likes Likes
  • 2927 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks