SMBv2 vs SMBv3 performance and application overrides

L4 Transporter

I know this has come up before and I've seen the article on disabling server response inspection but this hasn't helped me.

 

We have a blanket SMB override rule for Port 445 traffic that was originally due to a PAN-OS 8.1 bug that just never got addressed later. I'm trying now to get rid of it but don't want to cause issues by doing so. I'm trying to disable it a little at a time and do some testing as I go, primarily so we can gain the benefits of threat and virus scanning on SMB traffic.

 

I discovered when targeting a few test Windows machines that when I allow application flow as usual and remove the SMB override, my performance on SMBv2 suffers significantly by nearly a factor of 10.  SMBv3 seems unaffected. It doesn't matter either whether I check the "disable server response inspection" box or remove all traffic inspection.  With SMB traffic handled "normally" without the SMB override it is abysmally slow.  

 

What am I missing here? I expected with the SRI gone and no profiles for threats, spyware, AV, etc. applied it would run as fast as if I had the SMB override rule applied, but it does not. What am I missing, and are there other things we can do to improve performance?

 

The SMB_OVERRIDE application has no scanning applied and is simply based on TCP port 445 only.

 

Any help is appreciated.

 
