 | ||
 Reducing the Amount of Time to Load a Large Rulebase | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2005-08-14 | |||
| |||
 Reducing the Amount of Time to Load a Large Rulebase Reducing the Amount of Time to Load a Large Rulebase Extremely large policies (over 100 rules, 2,000 objects or so) take a half an hour or more to load using the GUI. From what I am told, it is because the GUI cross-checks all the rules and network objects. In FireWall-1 4.0 and above, you can add the following to the :props section of objects.C (For details: see EditingObjectsDotC :fw_light_verify (true) However, it is far faster to load the policy via the command line using (after saving the policy in the GUI): fw load $FWDIR/conf/policy.W firewall1 firewall2 ... Another thing to check for is any objects you have defined as "routers". Even if no security policy is installed on routers, FireWall-1 will build an access list for them. It is recommended you define the router as type "Other" to prevent this from occurring. -- GuyR - 09 Jan 2004 FAQForm FAQs.Class: RemoteManagementFAQs FAQs.OS: FAQs.Version:  |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
