Does anybody knows any tips to improve mgnt tasks (policy changes, monitors checks, commits... etc etc) in a slow box PA2020?
I am working w/ this model since november 2013 and I am facing so many problems w/ slow response during management....
My box do:
- User identification from external agent
- URL filtering by bright cloud
- Around 200 security policies
- Around 5 Nats (all of them outbound)
- Usually 2 users do changes at same tima during our normal business hours.... (1 deals w/ URL filtering e another one w/ FW rules, monitors, etc etc....)
- Usually we see mgnt plane working at 98% all the time....
thanks in advance for any help on that!
Honestly PA needs to throw in the towel on the PA 2000 platform, and replace everyone's PA2020 with a PA3000 series box for free. I could never get published bandwidth specs out of our PA2050, I can't imagine how painful it must be using a PA2020 for real workloads outside of a lab :-(
You don't mention anything about what PAN-OS version you are running or your management resource utilization. I would suggest following below article for some commands to view overall system utilization.
If you still have issue, I would recommend contact TAC to see if there is anything perhaps consuming inordinately large amount of resources or not.
I totally agree with you. We've had these issues for quite some time now. We currently even have a support case open with our local support reseller right now.
Basically, PaloAlto wants "proof" that there is an issue, before they do anything. We've been collecting commit issues, commit times, memory utilization for some time now.
But still, I fear PA will not act. By the time our issue-report is complete, I expect PA support to say "please upgrade to version X first" (what we just did because they told us to) ... to start all over again.
Sadly, this seems to be the default answer to all 2000 series performance issues threads in this forum...
Yeah, and the default reply is "We can't find anything wrong, this is expected behaviour".
I got told last time I logged a job that I should select "manual" updates when I'm sitting in the console instead of the periodic 1 minute I have it set at to take load off the management plane. Ridiculous.
dieterb they should just issue a mass recall and replace everyone's PA2000 with either a PA500 (which in my personal experience can outperform a PA2000) or better yet replace them with the lowest end PA3000!
Or at least put out an upgrade kit to put more RAM into the management plane. I understand why they won't make it customer upgradable like the PA500 (because you have to expose the power supply on the 2000 series), but for f*** sake, I'd *pay* to have someone come out and upgrade the RAM on my 2020's.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!