Does anybody knows any tips to improve mgnt tasks (policy changes, monitors checks, commits... etc etc) in a slow box PA2020?
I am working w/ this model since november 2013 and I am facing so many problems w/ slow response during management....
My box do:
- User identification from external agent
- URL filtering by bright cloud
- Around 200 security policies
- Around 5 Nats (all of them outbound)
- Usually 2 users do changes at same tima during our normal business hours.... (1 deals w/ URL filtering e another one w/ FW rules, monitors, etc etc....)
- Usually we see mgnt plane working at 98% all the time....
thanks in advance for any help on that!
But still, I fear PA will not act. By the time our issue-report is complete, I expect PA support to say "please upgrade to version X first" (what we just did because they told us to) ... to start all over again.
Been there, done that. At least twice.
I've got a 3020 in service at another location, and the difference in commit times is staggering - I can commit the config through *10* changes on the remote site before I get *one* change done on my central site's 2020's.
Software version doesn't make one bit of difference. If anything, it gets slower with software upgrades as they push more "features" into the base OS install/
bdeschut - I saw an improvement exactly *once* - when I upgraded from, I think, 4.1.6 to 4.1.8-h3 - management CPU went from 70% constantly with spikes to 100% to only having spikes to 70% every five minutes - and it's been that way *ever* since. That's not an improvement - that's simply a change in priority/frequency of the process which is causing the issue.
.... I understand why they won't make it customer upgradable like the PA500 (because you have to expose the power supply on the 2000 series)...
This, I sadly have to say, is typical American "no liability" nonsense.
Come on, we're all professionals here. Or we can find someone really easy who has the right certification to open te box. As if anyone would attempt a RAM upgrade on a box like that while it's running...
Unfortunately the reality of it is Palo Alto Networks is headquartered in America, and the sue happy society we have makes corporate lawyers gun shy about letting customers open up the boxes they sell (rightfully so.. all it would take would be one person getting shocked and PA could have a huge lawsuit on their hands).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!