This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Slow VPN throughput after update to 5.0.7
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Slow VPN throughput after update to 5.0.7
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
1 ACCEPTED SOLUTION
Accepted Solutions
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-18-2013 08:46 AM
Hello Ianhan,
As Apasupulati explain about the buffer functionality in PAN-OS very well on above post. So, once the buffer will exhaust ( 1/8192 0x80000000bb410700 ), all incoming/outgoing packet will be in queue for a long time to allocate packet buffer for further processing. As a result you will see an unexpected delay / slowness of traffic processing. Every time you will reboot this firewall, the packet buffer counter will reset to normal ( 8134/8192 0x80000000bb410700).
The PAN engineering team has already identified the issue with this version PAN-5.0.7 and fixed in a temp-fix version. For better and longer stability, i would recommend you to upgrade the PAN-OS of this firewall.
Hope this helps.
Thanks
14 REPLIES 14
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-13-2013 10:00 AM
Hello Hannes,
Could you please apply below mentioned command after every 10 minutes and share the o/p with us.
> debug data-plane pool statistics
> show system statistics session
> show running resource-monitor
Thanks
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-13-2013 11:00 AM
Hello.
We have same performance after update from 5.0.5 so no performance issue.
Check on PA-2050, PA-500 and PA-200
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-14-2013 12:05 AM
Please run the following commands and show the entire output. The sample out would seem something like below and more.
admin@500> debug dataplane pool statistics
Verify Software pools are not depleted:
Software Pools
[ 0] software packet buffer 0 : 16384/16384 0x8000000021800680
[ 1] software packet buffer 1 : 8192/8192 0x8000000022010700
[ 2] software packet buffer 2 : 8192/8192 0x8000000022818780
[ 3] software packet buffer 3 : 4096/4096 0x8000000023820800
When the issue is happening If by any chance the number is reaching to 1 that would indicate that some buffer is leaking. If this is the case you will need to open a case with Tech support to further investigate the issue.
Hope this helps.
Thanks
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-16-2013 09:50 AM
Upgraded our 3050 pair 2 weeks ago and have not heard of any issues with VPN yet. Will keep monitoring now. Resources appear in good shape. Thanks!
Related Content
- PA-300 induced high latency for GP clients with just 200Mbps troubput in GlobalProtect Discussions
- possible to know what triggered malicious website classification on my website? in General Topics
- Intense SSO failures in Cortex XDR Discussions
- How to solve Timeout error in market place in Cortex XSOAR Discussions
- Prisma Cloud Remediation - Invalid CLI script in Prisma Cloud Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks