- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-08-2014 08:03 AM
We have several PAN 3020s at a client site with similar issues but for this, I’ll focus on a specific case. One pair in Active\Passive HA has 124 rules. We started noticing really slow RDP connect performance. (it would take 45 seconds to establish an RDP session to a target where the traffic was passed through the firewall). Out of the 124 rules, the rule which this RDP traffic matched on was around rule 100. If we moved that rule up earlier in the ACL to say, rule 5, the RDP session would only take 10 seconds or less to establish.
So initially, it is looking like the further down the ACL the rule is, the longer it takes the PAN to process that traffic. However, seeing that the 3020 supports up to 2500 policies and we only have 124, I wanted to check with you as it doesn’t seem right.
We are not doing any PBF here. Or App-ID override. Jumbo frames are enabled.
07-08-2014 09:26 AM
Click on User Advanced Editor, it will give options to add files.
07-08-2014 09:47 AM
Note that even on rule 5, establishing the RDP session takes 18 seconds (while going through PAN) which still seems like a long time compared to other environments.
07-14-2014 05:09 AM
There is no reason to see such a delay. You should check that no rule is denying connections from client to server and server to anywhere else (a bit like SSH when DNS is filtered on server side).
If you still experience that problem, you should open a TAC case.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!