- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
the problem of Download speed degradation on Vwire mode
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- the problem of Download speed degradation on Vwire mode
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
the problem of Download speed degradation on Vwire mode
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-23-2011 02:37 AM
Hello all.
I had a chance to demo for prospective customer and PA was installed at customer’s real networks with V-wire mode.
After installed I tried to speed test using speed test sites.
Upload was ok, but download speed was degradation. (I tested at firmware 3.1.9 and 4.0.1, but both results were same.)
All of VWire interfaces speed/duplex were in Auto-negotiation, and interfaces were established with 1000M/full duplex.
Please let me know that resolve way, if someone who has similar experience.
Eugene.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-23-2011 01:39 PM
Eugene,
Can you test with 4.0.3? Also without the PAN, what speeds are you getting?
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-30-2011 01:24 AM
I had the same problem with threat profiles active (20Mbit/s max on a 2020) that gone with 4.0.3.
Regards,
Riccardo
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-30-2011 01:55 AM
I tested at PA 3.1.9, 4.0.1 and 4.0.3 with Anti-virus and anti-spyware profiles, but results were same.
if put into PAN in customer's networks, speed was degradation at PAN3.1.9, 4.0.1 and 4.0.3.
i think it is not a problem of PAN-OS version.
Thanks,
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
06-30-2011 05:59 PM
Eugene,
Have you checked the switches for speed and duplex mismatch errors?
What speeds does the report give if done in front of the Palo Alto?
Thanks
James
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-05-2011 10:08 PM
Hello James,
A 'show interface all' from CLI will show you the current, negotiated speed/duplex settings on the PAN. Could we also verify that all appears well on the switch uplinks as well (speed/duplex, errors, resets, etc...). Both the FW & the switch will either need to be configured as Auto/Auto or hardcoded as well, otherwise potential duplex mis-matches could occur. (Both ends of the Vwire should be negotiating at the same speed)
Have you attempted a baseline speed test for comparison prior to implementing any type of security profiles?
Running the following command from CLI will also give you an idea of CPU load, etc... associated with the Dataplane during various intervals: show running resource-monitor
Assuming heavy load as well as potentially high dataplane resource utilization, If possible (preferably during a maintenance window & confirming that interface/switchport issues were not the culprit), can you please apply the following change to your Vwire security policies?
Select 'Options' at the far right of the policy & check the option for 'Disable Server Response Inspection'. Commit & attempt your download tests. (Though you could probably give this option a test regardless & compare performance)
Description below:
Disable Server Response Inspection:
To disable packet inspection from the server to the client, select this check box. This option may be useful under heavy server load conditions.
Regards,
Bryan
- False Positive Submission in VirusTotal
- Not able to upgrade MacOS in General Topics
- Using Okta Auth for GP Portal fails at Config Selection Criteria in GlobalProtect Discussions
- Update Remote Firewalls from Panorama Fails in Panorama Discussions
- I'm a customer and I only want to download a VM-series OVA file in Prisma Access Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
