Hi all,
I am a newbie on FW-1 and I have faced the
following problem.
Our site contains about 8000 machines.
Recently we have put 2 FW-1 modules (Dual P-III 700MHz, 1GB memory, CP4.1
(SP5) on win2k) in front of them. We have 2 rules which uses security
processor to detect Code-Red and Nimda attacks.
When I enabled those 2 rules, lots of new
http connections could not be made with the error "cannot connect to www
server". CPU utilization grew to about 60% (on each processor)
immediately. As I enabled those 2 rules during non-peak period, I
believed that the situation would be far worse during peak
hours.
I have heard that security processor is
CPU-intensive. So is it possible for me to use the security processor
in my case? Is there any guidelines / recommendations on the size of
the site and hardware configuration in order to run the securiy processor
smoothly?
Thanks in advance :>
KH Cheung HKUST
|