Re: Firewall-1 Rulebase Maximum Size

Tue, 30 Jan 2001 14:18:11 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It would really depend on the rules themselves in addition to the
hardware/software (NAT's, how your objects are defined,etc.). I would
really try to set yourself a limit of like 50 rules. Once you go beyond
that, it starts to getting really hard to manage and CPU utilization
starts heading for the ceiling (depending on throughput which is obviously
another huge factor.. 50K connections through a 150 rule policy is
completely different than 10K connections).

How's that for a nice gushy answer??   heheh =) 


Carric Dooley
Senior Consultant
COM2:Interactive Media

"But this one goes to eleven."
- -- Nigel Tufnel


On Mon, 29 Jan 2001, Smedegaard, Paul C wrote:

> Here's the environment:
> 
> HP-UX, 512MB RAM, Firewall-1 4.0
> 
> Is there a theoretical maximum size or number of rules that I can have?  If
> so, what are the parameters and input that go into this calculation?  How
> can I increase the rulebase size if necessary?  Any and all help is
> appreciated.  
> 
> Thanks, Paul
> 
> 
> 
> *****************************************************************************
> The information in this email is confidential and may be legally privileged.
> It is intended solely for the addressee. Access to this email by anyone else
> is unauthorized. 
> 
> If you are not the intended recipient, any disclosure, copying, distribution
> or any action taken or omitted to be taken in reliance on it, is prohibited
> and may be unlawful. When addressed to our clients any opinions or advice
> contained in this email are subject to the terms and conditions expressed in
> the governing KPMG client engagement letter.         
> *****************************************************************************
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Made with pgp4pine 1.75-6

iQA/AwUBOndAlVUqWOkDpMZ2EQIzngCdG3/KHd5s/bgMn4l6aGv/KYqpngsAn0Wt
arnC/2pE4Nxb93xiwa8JnqGT
=AZMc
-----END PGP SIGNATURE-----


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to