Supposed that there is not un upper limit in the number of rules, the *real* question is:
Which is the upper reasonable limit in the number of rules before performances are compromised, i.e. packets are dropped by the firewall and so on? Are there some tests out there which correlates this number with the hardware platform? TIA --Luca On 21/10/05, Tom Rowan <[EMAIL PROTECTED]> wrote: > I once saw 2000+ rules on a 3.0b system many moons ago.... > Madness. > > >On 10/19/05, cisco4ng <[EMAIL PROTECTED]> wrote: > > > > > >>All, > >> > >>What is the maximum number of rules can I have in a security? For example, > >> > >>I have a Provider-1 NG with AI R55w (Manager+Container) running on a DELL > >>dual Processor > >>(1.3GHz) with 4GBof RAM. In this Provider-1, I have 3 CMAs. At the moment, > >>one of the > >>CMAs has about 250 security rules in there, This CMA is managing a SPLAT > >>NG with AI > >>R55w with HFA_04 Enforcement module. > >> > >>I would like to put another 300 rules into this policy. My question is > >>what is the maximum > >># of rules can I have in a security policy, either from a CMA or > >>SmartCenter? > >> > >>I did run into a problem with Provider-1 version 4.1. When the security > >>reaches 260 rules, the > >>I couldn't connect into the policy editor. > >> > >> > > > > > >Got people using NG+AI doing tests with 3,000+ rules without a problem... > > > >So I think 550 should be fine... (but perform a backup before anyway ;-) > > > >- Martín. > > > >-- > >- Mi página web: http://gama.fime.uanl.mx/~mhoz/ > >* "Somos consecuencia del pasado, y causa de nuestro futuro." > >* "Este mundo no nos ha sido legado por nuestros padres, sino lo hemos > >recibido prestado por nuestros hijos..." > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
