Hello,
We currently have a checkpoint Firewall-3.0 on Soalris in production,
and the CPU usage was about 100% all the time. We re-arranged the rules
based on a study of the most-used services, and this usage went down
80%. This is good, but I would like to go further.
The most used service being HTTP on this firewall, I was thinking on
enabling FAST mode for this service. IF I understand this well, when a
service has the fast mode enabled, if the firewall sees an ACK packet
coming for this service, it will let it go through without checking its
security policy, nor its state table.
Are there security concerns in enabling fast mode? will it improve
performance?
Thank you for your answers.
___________________________________________________________
Do You Yahoo!? -- Pour dialoguer en direct avec vos amis,
Yahoo! Messenger : http://fr.messenger.yahoo.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
