Symantec Privileged Access Management

Hello Everyone,

I have 2 PAM version 3.4 appliances in a multi-site cluster. These 2 appliances are secondary site, while primary site has 3 appliances.

There is a problem connecting to servers from PAM(Both Primary Site and Secondary Site) using RDP and SSH, the performance is very slow when the connection to servers is being established, sometimes it can take around 30+ seconds. Once logged into the target server, there is no performance issue.

Is there a way we can monitor this for errors or why is it taking this long to connect? On other regions for example, which are not part of the multi-site cluster, PAM 3.4 is connecting to servers extremely fast unlike the previousely mentioned appliances.

And if you have any suggestions regarding the firewalls, Load Balancer or any other configuration that can help speed up the connections. And also if there is any suggestion how to set port 8550 query to rejected(from this article: https://knowledge.broadcom.com/external/article?articleId=10007) as the firewalls only have allow and deny options.

Best regards,

------------------------------
Nikola Milosavljevic
Security Consultant
------------------------------

Hi Nikola

I had a similar problem in version 3.3.3, in my case the connections took more than 50 seconds, even up to 2 minutes.

I solve support by connecting to the Operating System and modifying some records among those in the hosts file. The case number was 31791725.
Original Message:
Sent: 07-09-2020 11:08 AM
From: Nikola Milosavljevic
Subject: PAM 3.4 RDP and SSH Connecting is slow

Hello Everyone,

I have 2 PAM version 3.4 appliances in a multi-site cluster. These 2 appliances are secondary site, while primary site has 3 appliances.

There is a problem connecting to servers from PAM(Both Primary Site and Secondary Site) using RDP and SSH, the performance is very slow when the connection to servers is being established, sometimes it can take around 30+ seconds. Once logged into the target server, there is no performance issue.

Is there a way we can monitor this for errors or why is it taking this long to connect? On other regions for example, which are not part of the multi-site cluster, PAM 3.4 is connecting to servers extremely fast unlike the previousely mentioned appliances.

And if you have any suggestions regarding the firewalls, Load Balancer or any other configuration that can help speed up the connections. And also if there is any suggestion how to set port 8550 query to rejected(from this article: https://knowledge.broadcom.com/external/article?articleId=10007) as the firewalls only have allow and deny options.

Best regards,

------------------------------
Nikola Milosavljevic
Security Consultant
------------------------------

I have seen this caused by DNS servers as well (which makes sense that editing a hosts file would help).  The customer was using a working DNS server, but switching to one that was closer (physically and logically) resolved the issue.
Original Message:
Sent: 07-09-2020 11:54 AM
From: Julian Riano
Subject: PAM 3.4 RDP and SSH Connecting is slow

Hi Nikola

I had a similar problem in version 3.3.3, in my case the connections took more than 50 seconds, even up to 2 minutes.

I solve support by connecting to the Operating System and modifying some records among those in the hosts file. The case number was 31791725.
Original Message:
Sent: 07-09-2020 11:08 AM
From: Nikola Milosavljevic
Subject: PAM 3.4 RDP and SSH Connecting is slow

Hello Everyone,

I have 2 PAM version 3.4 appliances in a multi-site cluster. These 2 appliances are secondary site, while primary site has 3 appliances.

There is a problem connecting to servers from PAM(Both Primary Site and Secondary Site) using RDP and SSH, the performance is very slow when the connection to servers is being established, sometimes it can take around 30+ seconds. Once logged into the target server, there is no performance issue.

Is there a way we can monitor this for errors or why is it taking this long to connect? On other regions for example, which are not part of the multi-site cluster, PAM 3.4 is connecting to servers extremely fast unlike the previousely mentioned appliances.

And if you have any suggestions regarding the firewalls, Load Balancer or any other configuration that can help speed up the connections. And also if there is any suggestion how to set port 8550 query to rejected(from this article: https://knowledge.broadcom.com/external/article?articleId=10007) as the firewalls only have allow and deny options.

Best regards,

------------------------------
Nikola Milosavljevic
Security Consultant
------------------------------