02-27-2017 09:57 AM
Hello folks,
I recently bought a used PA-200 software version 6.1.4 for learning and testing purposes.
I replace my home Linksys with the PA-200 following this article to configure.
It's working. However, I notice that the internet is somewhat slower, loading web pages, etc.
Is this expected? Extra traffic processing, etc?
Curious if there are tips or best practice that could make a difference here?
Thanks!
02-27-2017 02:06 PM - edited 02-27-2017 02:08 PM
HI There,
Try to narrow it down..
is it slow dns response ? change the dns server from what ever is is to 8.8.8.8. If it is 8.8.8.8 change it to what the ISP provide.
switch off threat, url filtering & data filtering if on and test the speed with and without it on
monitor the dashboard when testing for the dp and mp readings - on pa-200 these are closer linked than other models
the version testing with is wee bit dated, try put your hand to at least the lasted release on 6.1
factory reset if not done before you purchased .. better to start with a fresh unit always
best regards
RD
02-27-2017 12:46 PM
Make sure your link settings are set to auto (Network > Interfaces > 'ethernet1/x' > Advanced > Link Settings). Make sure your not decrypting your trusted traffic.
- JD
02-27-2017 01:11 PM
Thank you for responding!
I checked both interfaces (external/internal) and both link settings are all auto.
Not sure how to tell if decrypting traffice on trust.
If you have any other comments let me know, will close thread soon.
Thanks!
02-27-2017 01:52 PM
If you don't recall setting it up then you likely are not decrypting as it's a little bit more of an involved process. The PA-200 really shouldn't affect your overall traffic speed that much. Overall though this would also depend on how much traffic you are processing, if your decrypting traffic, what security policies and such you have configured on the device, and what exactly you were running with before.
I imagine that you are noticing the small delay because your old router wasn't doing anything but processing your traffic, when you put an actual firewall infront of all your devices it would be normal to measure a slight delay, usually it isn't something that you would notice on a consumer link though.
02-27-2017 02:06 PM - edited 02-27-2017 02:08 PM
HI There,
Try to narrow it down..
is it slow dns response ? change the dns server from what ever is is to 8.8.8.8. If it is 8.8.8.8 change it to what the ISP provide.
switch off threat, url filtering & data filtering if on and test the speed with and without it on
monitor the dashboard when testing for the dp and mp readings - on pa-200 these are closer linked than other models
the version testing with is wee bit dated, try put your hand to at least the lasted release on 6.1
factory reset if not done before you purchased .. better to start with a fresh unit always
best regards
RD
02-27-2017 02:27 PM - edited 03-05-2017 06:17 AM
Agreed with all comments. Test with the cable connected to your router switch port with your laptop, where (as people mentioned earlier) create a simple policy with any any (no profiles) allow all to the Untrust zone. Tweak the DNS (remember you cannot use firewall as a DNS server for your clients). If you configure your DHCP server on Palo to use its IP as a first (primary DNS) and secondary any other this could slow down you DNS requests first DNS server will fail to response and client should use/try a secondary but it will be some delays hence slowness. Cannot think of anything else that could slow your traffic fom the firewall side.
02-28-2017 01:32 PM
I run a PA-200 at home as well and have not come across any performance issues. I'm on PAN-OS 7.1.something.
05-27-2017 11:20 AM
OMatlock can you PM ME
i followed that article "somewhat"
along with videos and other stuff and what I do its not working
i know I am missing a checkbox or something.
also for the ippool subnet i dont have that tab. I am on palo alto 5.0.12
05-28-2017 08:28 AM
Hey,
Need a bit more details (current topology, screenshot ect). FYI 5.0.X reached EoL:
https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary
07-15-2017 06:40 PM
I am thinking of uploading config file ....
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
