We upgraded to a 1gb/s internet connection from a 50mb/s on Friday. For some reason we are only seeing a max of maybe 250-300mb/s but in most cases we are at 175mb/s.
We have a PA-3020, with App-ID enabled and Threat. We did our research before upgrading and thought we would see closer to 1gb/s with this firewall.
Any ideas on what we can check for?
When we remove the PA from the mix, we are over 900mb/s.
We are a fairly small organization with about 300 staff.
Not quite sure where to look for the max sessions.
As far as qos for inbound/oubound traffic, there is one policy that was added as our Webex experience was poor. The QOS seemed to resolve it.
Found session count. 4780 / 262142
We are using 3% management and 5% dataplane.
You'll want to take a look at that QoS policy or post the configuration here so that we can take a look at it. You could easily have that misconfigured so that the firewall isn't attempting to use full bandwidth due to QoS.
The policy is pretty basic, set to real-time with no bandwidth limit. using the default for tunneled traffic.
I removed the policy and tested with Google speed test and the results were the same.
@calumetcounty Are you doing any SSL decryption?
--edit-- Also try using this site as a confirmation of throughput testing. https://www.thinkbroadband.com/download in the past working with Palo TAC engineering team they recommended using more of a "file transfer" versus the theoretical throughput testing sites.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!