Shannon,
I use rules using groups instead of seperate object with there own
rules.
It keeps my rulebase simple and not large. Also since I have over 15+
firewalls
it gives me a overall firewall rulebase standared for each Firewall.
Plus it is easier to manage groups than Individual objects.
As for performance when I orginaly started I used objects with individual
rule's.
My rulebase was HUGE.
Once I switched to groups the rulebase got a lot smaller and performance
increased.
Hope this helps.
Alberto Cardona II
-----Original Message-----
From: Shannon Johnston [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 28, 2001 12:40 PM
To: Firewall One List
Subject: [FW1] Optimization??
I'm interested in increasing the performance of our FW-1 (Nokia IP440) and I
was wondering about the performance of groups vs. separate rules.
For example, I'm setting up a blacklist that will block everything coming
from specific IP's. Would it be more beneficial to set them up in a
blacklist
group and add them all to 1 rule, or would it run better if they were
separated into their own rules?
We filter serveral million packets per month so any performance gain is
welcome.
--
Shannon Johnston
[EMAIL PROTECTED]
--------------------------------
Hiroshima '45 Chernobyl '86 Windows '95
--------------------------------
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
