[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Optimization??
Shannon, I use rules using groups instead of seperate object with there own rules. It keeps my rulebase simple and not large. Also since I have over 15+ firewalls it gives me a overall firewall rulebase standared for each Firewall. Plus it is easier to manage groups than Individual objects. As for performance when I orginaly started I used objects with individual rule's. My rulebase was HUGE. Once I switched to groups the rulebase got a lot smaller and performance increased. Hope this helps. Alberto Cardona II -----Original Message----- From: Shannon Johnston [mailto:[email protected]] Sent: Tuesday, August 28, 2001 12:40 PM To: Firewall One List Subject: [FW1] Optimization?? I'm interested in increasing the performance of our FW-1 (Nokia IP440) and I was wondering about the performance of groups vs. separate rules. For example, I'm setting up a blacklist that will block everything coming from specific IP's. Would it be more beneficial to set them up in a blacklist group and add them all to 1 rule, or would it run better if they were separated into their own rules? We filter serveral million packets per month so any performance gain is welcome. -- Shannon Johnston [email protected] -------------------------------- Hiroshima '45 Chernobyl '86 Windows '95 -------------------------------- ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|