- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-24-2018 11:22 PM
Hi,
PA in vwire mode , zone client and zone servers
In zone servers there is a print server(windows) and the zone client users pc .
Users are trying heavy duty printing (50-100) pages .
User complaining about slow operations
How can I verify pa is bottleneck or making some issues
data plane is seems to be ok
Thanks
01-25-2018 03:20 AM
Hi,
Printer and users are in the clietn zone
01-25-2018 03:30 AM
firstly... have you checked the status of the print job on the print server.
it may give some indication..
i would imagine you are looking for some diagnostics on the PA. I would run wireshark on the print server or the printer port to see what the traffic is doing.
you could use the monitor/packet capture on the firewall and filter printer traffic.
somebody else may post with some clever CLI commands..
01-26-2018 04:37 PM
Hi,
here is the summary of total connections per day from the printer to server
bytes 15.91 G
sessions 29.39 k
Is it quite large in your experience ?
Thanks
01-26-2018 11:30 PM
Hi,
Is it possible , Pa just monitor and do not take any action against the session .
Thanks
01-27-2018 02:06 AM
Sorry @simsim. I cant advise here because all of our clients, printers and servers are on the same Pan interface.
01-27-2018 06:54 AM
Hi,
What does it mean by same interface ? .Same zone
Thanks
01-27-2018 09:37 AM
Yes @simsim, the same zone.
01-27-2018 09:55 AM
Hi,
The question is out of context , how these servers are protected ?
Thanks
01-27-2018 10:57 AM
Protected from what?.
users?
User devices are all domain members and very restricted.... no command prompt, only allowed programmes ( word, excel, ppoint etc,,,). All tied down by group policy.
the internet?
no acces to these servers from rhe internet, unless via reverse proxy, vdi gateways or global protect for domain membership.
01-29-2018 06:32 AM
I may be totally off base here, but perhaps in this instance the PA is being used to segment printing?
It's been widely publicized that you can use printers to get root access to windows machines using non-privileged accounts. So users would be in one zone and printers in another potentially?
01-29-2018 09:43 AM
@Brandon_Wertz, Hi.
I may be totally off base here, but perhaps in this instance the PA is being used to segment printing?
yes fully understood and totally agree.
@simsim is using Vwire for that very purpose,
I was only saying that I cannot assist @simsim any further as we do not use Vwire.
it is not a requirement for us,
sorry for any confusion or mislead...
Mick.
01-29-2018 10:00 AM
Hello,
I would try a p[rint job from within the same zone and see if the speed changes, e.g. faster or the same. This would be an indication of potential slow downs caused by the firewall. I also have a similar setup but the print servers are remote and honestly we havent had nay complaints. Perhaps the users are just used to the slower printing?
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!