Improving Performance - CPUG: The Check Point User Group

CPUG

The Check Point User Group

A Resource For The Check Point Community. Fast. Useful. Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
Courses Starting 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
2. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
3. Join Us On LinkedIn - We now have a CPUG group.

		CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Miscellaneous
Improving Performance

Mark Forums Read

Reply

#1 (permalink)

Old

2005-08-13

BarryStiefel BarryStiefel is offline

BarryStiefel is offline

Administrator

Join Date: 2005-08-11

Location: San Francisco, CA

Posts: 571

Rep Power: 10

BarryStiefel has disabled reputation

Default

Improving Performance

Improving Performance

While not a complete list, here are some things I would do:

Put the most commonly used rules at the top of the rulebase.
Reduce the number of rules by combining similar rules.
Reduce or eliminate the use of the security servers.
Do not use Domain objects.
Use "networks" instead of address ranges in address translation.
Reduce the number of group objects used in NAT rules.
If using Session Authentication, use the Implicit Client Auth trick.
Where possible, do not use the Security Servers.
Reduce logging.

-- PhoneBoy - 11 Jan 2004

FAQForm FAQs.Class: MiscellaneousFAQs FAQs.OS: FAQs.Version:

Reply With Quote

Reply

« Previous Thread | Next Thread »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are Off [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

All times are GMT -7. The time now is 15:46.