Prisma Access Agent
Configure the Prisma Access Agent MTU
Table of Contents
Configure the Prisma Access Agent MTU
Learn how to configure the Prisma Access Agent MTU to improve network performance and
reduce fragmentation in your Prisma Access environment.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
Prisma Access Agent connections can traverse through multiple ISPs and network hops
with MTU values lower than the standard 1500 bytes. When the static agent MTU value
is lower than what an ISP is offering, excessive fragmentation and additional
overhead occurs, resulting in lower throughput. Dropped packets in the ISP network
path also trigger retransmissions that contribute to suboptimal performance. Using
optimized Prisma Access Agent MTU can help you avoid tedious manual determination
and configuration of the optimal MTU value, and prevent users from experiencing poor
performance that impacts their productivity.
Default Behavior
The optimized Prisma Access Agent MTU feature is enabled by default to enhance
network performance. It utilizes automatic path MTU discovery to detect the optimal
MTU size for the network path between the agent and the gateway. This process
operates automatically without manual intervention, ensuring optimal performance
across different network conditions.
Although the optimized MTU is enabled by default, you can choose to override it and
manually configure the MTU packet size. The discovered or configured MTU is applied
to the virtual interface (VIF) used for the tunnel connection. This feature supports
both SSL and IPSec tunnel protocols, with different overhead sizes calculated for
each protocol type. Optimized MTU is supported on Windows and macOS agents.
To manually configure the MTU, complete the following steps:
- Navigate to the Prisma Access Agent setup page.
- From Strata Cloud Manager:
- Select WorkflowsPrisma Access SetupAccess AgentPrisma Access Agent.
- From Panorama:
- From the Cloud Services plugin in Panorama, select PanoramaCloud ServicesPrisma Access AgentLaunch Prisma Access Agent.
- Select WorkflowsPrisma Access AgentSetupPrisma Access Agent.
Add an agent setting or edit an existing agent setting.- Select the match criteria (OS and User Entities) for the user or user group that will receive this configuration.In the App Configuration section, configure the MTU.
- By default, Optimized MTU is
Enabled. The MTU is the largest
packet size that Prisma Access Agent can send in a packet during
a transmission. To automatically determine the best MTU to use
for packet transmissions, make sure this option is
Enabled.
- To manually configure the MTU size, disable Optimized
MTU. The Configurable MTU
(Bytes) field appears for you to enter a size
for the MTU. The range is 576-1500 bytes.If you leave it unconfigured, the system will default to 1400 bytes. If you set a value outside this range, the text box will turn red and the Save button becomes disabled. For example:
Configure other agent settings if needed and Save the settings.Push the Prisma Access Agent Configuration.(Optional) Verify the configuration by using the PACli tool on the agent.- Use the pacli gateway command to display the last
MTU detected for the current list of gateways. For example:
- Use the pacli tunnel command to display the
current connection (tunnel) MTU. For example:
- From Strata Cloud Manager: