As part of a troubleshooting mission, I converted my 60-rule policy with
variously defined hosts, subnets, rejects, denies, drops, etc. to a single
Accept All rule. I couldn't detect any change in CPU activity or disk I/O.
hermit1
At 12:23 PM 7/27/00 -0400, Marty Saletta wrote:
> I'm trying to figure out how many rules my
>FW setup can handle before performance starts
>to suffer.
>
> Does anyone know a general "rule of thumb" about how
>many rules FW-1 can handle before a performance hit?
>I'm guessing it depends on a number of factors, such as
>the hardware hosting the FW, speed of the network,
>number of hosts, etc.
>
> I'd also like to know how others test performance
>of their rule base (simple FTP transfers?)
>
> On a related note, does anyone know if FW-1 uses any
>sort of algorithm to increase performance? For example,
>if I set up 200 rules to monitor FTP, will the other
>services not using FTP be affected?
>
> Thanks!
> Marty
>
>
>--
>Marty Saletta, System Administrator, Raytheon ITSS Corporation
>NASA Center for Computational Sciences
>Goddard Space Flight Center, Greenbelt, MD
>[EMAIL PROTECTED]
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================