05-23-2021 11:57 PM
We did a change from another vendor to PA. We realise that backups (vmware) were transferring very slow. So we created a app_override in order to avoid L7 in this VMware traffic. After that the spped for backpus got better.
So i have several qestions:
-Why is this happening? whats wrong L7 inspection does in order to slowness?
-what kind of traffic app_override can improve?
05-24-2021 01:07 AM
What PAN-OS version do you have installed?
Prior to the app override do you have also secirity profiles configured or only a security policy with app-id? Did you check global counters when the traffic was slow?
05-24-2021 01:51 AM
We have a security rule permitting backups VMWARE ports.
The idea is to know whats wrong in order to use app_override.
05-24-2021 03:58 AM
First I recommend to upgrade to 9.0.13 which is the preferred releasd of PAN-OS 9.0. (PAN-OS 9.0.9 is almost one year old).
The issue might be some bug in app-id processing that some buffers are full and because of that packets are dropped which results in poor performance. Something like that you may see when you check the global counters (with proper filters for your backup connection applied). As you no diabled layer 7 processing the buffers aren't used and the performance isn't degraded. Obviously this is only an assumption as I don't know this issue in detail, but again, I recommend to upgrade and check again then if it may be already solved the issue.
05-24-2021 04:58 AM
What global counter flag should i keep in mind for this?
05-24-2021 05:21 AM
Which one exactly I cannot say right now, but with filtering for severyity drop and/or errors you maybe see values which increase during such a connection and this might be an indicator for a problem like the one I was talking about.
05-24-2021 03:20 PM
Another thing to remember about app override is that the PAN will not scan the traffic for any malicious payload. So I would say you really need to trust that traffic.
05-25-2021 03:48 AM
Yes we know. We just wanted to know what PA produce this slowness,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!