12-17-2014 07:20 AM
Hello,
I'm having some performance issues with a particular site. I opened a case, but I thought I would pick people's brains here.
I'm working my way backwards from the client out to the edge of our network to see if there's any obvious issues on my end. Is there any diagnostics or fact finding to determine if my PA3020 is showing any performance or connection problems with a particular website?
Thanks in advance!
-Ian
12-17-2014 07:50 AM
Hi,
First use tools like dev tool integrate in Firefox (for exemple), just to know if the perf issue is comming from one object in the page or gloablly from page.
Then, make pcap in Palo (at drop stage) to know if there is, for any reason drops on network.
After that you can:
disable any profile for bypassing all L7 analyse done by the palo
Create app overide
Create dedicate security rule
...
Many test to do 🙂
V.
12-17-2014 07:55 AM
Hi Vince,
Thank you for responding. Do you know if there's something specific to Chrome I can try? That is the browser that my users are utilizing. I'll look into the traffic tool as well. The engineer didn't see anything obvious from the standard tools, but did want to look into some traffic logging for fragmentation errors.
-Ian
12-17-2014 09:05 AM
Do you have a data filtering profile turned on? We have experienced issues in the past depending on what regular expressions were used in that.
Other than that, I agree with VinceM , you can either throw the specific site in an override or put a specific rule in for it that you can remove inspection profiles from to see if a certain one is causing the slowness.
12-17-2014 12:37 PM
I do not have any data filtering rules under objects/data filtering. Regarding the override, would I be putting that into the Policies/Security section or is there another place to put the site/ip?
12-17-2014 02:42 PM
I have also used HTTP debuggers to help isolate this type of issues. Fiddler (www.telerik.com/download/fiddler) and HTTPWatch are the ones I've used in the past.
12-18-2014 05:24 AM
I agree with parmas, Fiddler is a powerful tool to diagnose issues with a website. This may tell you if the specific site is having problems fetching a specific part.
12-18-2014 05:27 AM
Application Overrides are in a separate policy section. I would suggest using this to rule out inspection as the reason for the slowness but if you notice it resolves it I would take the override out and test a specific rule for the site where you add inspection profiles back until you find the cause. Application overrides basically bypass any inspection.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
