This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Siebel - on PA2020 v.5.0.11 - slow

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Siebel - on PA2020 v.5.0.11 - slow

Go to solution
DimitrisK
L1 Bithead

‎06-16-2014 11:36 PM


Hello all,

we have recently Siebel 7.8 which is behind the PA2020.

The speed working on Siebel is so slow that in some requests freeze the clients.

I created a test client which bypasses the PA and siebel runs perfectly.

I created an application override with a custom application but the PA would not recognize the application and will not go through that rule.

The application override was created following this link How to Create an Application Override Policy

I used the inbuild app (siebel-crm) on the application override and rule. The traffic now passes through the rule but the speed is worse then dail-up connection.

Does not seem that it is overriding the app.

I increased the session timeout on the inbuild siebel-crm app and that stopped the clients from freezing and improved slightly the speed,

but still nowhere close to having the clients off PA. That is not an option.

Is there any other way to completely overide the app?

Thank you

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
HULK
L7 Applicator
In response to DimitrisK

‎06-17-2014 07:55 AM

Hello DimitrisK,

Thanks for your reply. From the above mentioned application override policy, it, looks like you are using default application "Siebel-crm" on the policy. In order to apply an override policy, you need to create a custom application. You should not use the default Application  to override.

Please find below an example:

Step-1: Go to Object > Application > Add a new application i.e Siebel-custom

Siebel-1.JPG

Step-2: Add the protocol/port number of that application.

Siebel-2.JPG

Step-3:

siebel-3.JPG

Step-4: Add the custom application on the override policy ( not the default Siebel-crm).

Siebel-4.JPG

Hope this helps.

Thanks

View solution in original post

0 Likes Likes
8 REPLIES 8

Go to solution
HULK
L7 Applicator

‎06-16-2014 11:57 PM

Hello DimitrisK,

Would it be possible for you to share the custom app configuration and other details ( screen-shots). We need to see, why it is not going through the appropriate policy. Once the traffic will go through the override policy, then we would be able to compare the performance.

Thanks

0 Likes Likes

Go to solution
DimitrisK
L1 Bithead
In response to HULK

‎06-17-2014 12:35 AM

Thank you for your quick response, this issue is bugging me for the last week!

On the print screen the destination address on the application override policy is an IP same as on the security rule.

On the security rule the source addresses are 2 /24 networks 1 /23 network and 2 IPs.

I hope this helps.

siebel01.png

0 Likes Likes

Go to solution
HULK
L7 Applicator
In response to DimitrisK

‎06-17-2014 07:55 AM

Hello DimitrisK,

Thanks for your reply. From the above mentioned application override policy, it, looks like you are using default application "Siebel-crm" on the policy. In order to apply an override policy, you need to create a custom application. You should not use the default Application  to override.

Please find below an example:

Step-1: Go to Object > Application > Add a new application i.e Siebel-custom

Siebel-1.JPG

Step-2: Add the protocol/port number of that application.

Siebel-2.JPG

Step-3:

siebel-3.JPG

Step-4: Add the custom application on the override policy ( not the default Siebel-crm).

Siebel-4.JPG

Hope this helps.

Thanks

0 Likes Likes

Go to solution
DimitrisK
L1 Bithead
In response to HULK

‎06-17-2014 10:47 PM

Hulk thank you, that did the trick. seems to be working smothly and fast. apart from one function within Siebel.

Though I noticed that the service needs to be defined in the security rule also for the override to work.

One last question,  does the override of the custom-app created, completely ignors the timeouts and characteristics specified? or can thoughs be tweeted.

Thank you


0 Likes Likes

Go to solution
HULK
L7 Applicator
In response to DimitrisK

‎06-17-2014 11:59 PM

Hello DimitrisK,


If you want, you can specify the timeout value for this specific application traffic, else it will take the global TCP (3600 Sec), UDP (30 Sec) timeout value.


Thanks

Go to solution
DimitrisK
L1 Bithead
In response to HULK

‎06-18-2014 12:11 AM

thank you Smiley Happy

Go to solution
wvechamaneesri
L1 Bithead
In response to HULK

‎09-22-2015 08:02 AM

My customer face this issue too. However, they dont want to use app override as it bypass all content inspection. Do you know what is the root cause of slowness when enabling app-id on this application?

0 Likes Likes

Go to solution
cpainchaud
L4 Transporter
In response to wvechamaneesri

‎09-22-2015 10:22 AM

bypassing content inspection on this one is not an issue if there is nothing to protect anyway for Siebel.

 

I advice you to open a TAC case with some packet captures.

0 Likes Likes
  • 1 accepted solution
  • 5284 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks