High Dataplane CPU usage after migrating from PA-3200/5200 firewalls to PA-3400/5400 Firewalls

• High DP CPU usage on PA-34xx or PA-54xx series firewalls after migrating from accordingly PA-32xx or PA-52xx series firewall
• QoS enabled on all or some of the interfaces
• Example of 'show running resource-monitor' output taken from PA-5410 with an empty QoS profile enabled on all interfaces (for throughput monitoring purpose):

• PA-3400 series
• PA-5400 series
• Supported PAN-OS
• QoS

• New way of processing QoS traffic compared to the older models, hardware based on PA-32xx/PA-52xx series vs software based processing on 4th generation firewalls (PA-34xx/PA-54xx)

1. Disabling QoS profile on some of the interfaces.
2. Adjusting QoS policy so that only the necessary traffic is subject to QoS processing.
3. Configuring Lockless-QoS is documented under Palo Alto Networks documentation.
4. Output from the same PA-5410 firewall as in the symptom field, after disabling QoS:

If QoS profile is used with no policies and applied to all interfaces for throughput monitoring purpose, it is advised to disable it before migrating to either PA-34xx or PA-54xx series firewall