This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

VPN Performance over Prisma Access : slow downloads

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

VPN Performance over Prisma Access : slow downloads

zGomez
L3 Networker

‎10-12-2023 07:50 AM - edited ‎10-12-2023 07:52 AM

Hi,

 

Can somebody tell met what you can expect from downloading a file over prisma access backbone.

Our datacenter is connected to service connection and when I try to download a 200 Mbps file from the datacenter to a remote network located in the same region, I am getting a download speed of 500Kbps per second.(smb transfer)

Within the remote site copying a large file over the firewall from a local file server I am getting speeds up to 35 Mbps and increasing, so threat inspection or local firewall doesn't seem to be the issue.

The remote site has a 200/200 link the DC has a 500/500 link.

 

 

1 person had this problem.
0 Likes Likes
5 REPLIES 5

NuvinG
L1 Bithead

‎02-24-2024 10:14 AM

We are having similar problems but unfortunately non of the PAN support team have been able to resolve the issue.

The only actions they did today was repeated packet captures and then they keep changing engineers to gain time.

This is negatively impacted business and it seems that PAN does not care.

The issue has been reported more than 3 months back and still pending!

0 Likes Likes

zGomez
L3 Networker
In response to NuvinG

‎02-26-2024 07:53 AM

Hi NuvinG,

 

Troubleshooting performance issues is always hard.   Are you experiencing slowness in all kinds of traffic or only SMB traffic?

SMB protocol is not the most performing protocol it was never designed to be used on higher latency networks.

You can try some things,

1. Make sure dns is not slowing you down.

2. Test if you IPSEC tunnel on global protect client works faster then over SSL.

3.  Disable inspections on SMB traffic.

4.  use ipert to test you speed.

 

0 Likes Likes

NuvinG
L1 Bithead

‎03-18-2024 09:17 AM

Hi  zGomez,

Thank you for this and we have been working with PAN support and they are still struggling.

We have also been disabling SMB multichannel (Deploy SMB Multichannel | Microsoft Learn)

So up to now this is still an issue.

Thanks

 

0 Likes Likes

GOMEZZZ
L2 Linker
In response to NuvinG

‎03-18-2024 10:11 AM

Hello,

 

Did you try disabling all inspection for SMB? Or dit an app override for SMB. Is there any other application going slow? Or only SMB. What speeds are you getting? Can you do a test with iperf and post output.

can you maybe do a packet capture on client side and firewall.  What are the MTU settings on your tunnel interface?

are you using SSL or IPSEC for your global protect client. 

0 Likes Likes

rdumoulin
L2 Linker
In response to NuvinG

‎03-19-2024 06:08 AM

@NuvinG I see that you are using SC and RN. Are you using PANW NGFWs to Prisma Access? 

 

NGFW -- Prisma Access -- NGFW? What models?

 

Regards

 

--Richard

0 Likes Likes
  • 1329 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks