This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kishorilal_CJ
Participant
‎2018-02-02 03:46 AM

Performance Issue Due to Disabled Rule

Hello

Will it be any performance issue due to the existence of disabled rules in the firewall policy table , where those disabled rules are placed scatter within top/down   

0 Kudos
5 Replies
Gaurav_Pandya
Advisor
‎2018-02-02 05:47 AM

Hi,

I don't think it will be performance issue as if you disable the rule, firewall will not check it. For more information refer below SK.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

PhoneBoy
Admin
Admin
‎2018-02-02 03:52 PM

It won't hurt performance, but it won't necessarily improve it, either.

For example, if you disable a rule that disables SecureXL templates, rules below that rule will still not benefit from SecureXL templates. 

Timothy_Hall
Legend Legend
Legend
‎2018-02-03 05:52 AM

Disabled rules are not actually included in the firewall's compiled policy that it receives, you can verify this by looking in the $FWDIR/state/__tmp/local.set file on the firewall.  At a minimum there is a placeholder for all rules in that file (including the disabled ones) specifying their UID but that is it. 

Dameon disabling a rule that is halting SecureXL templating actually will permit templating to continue, please see the screenshots below from R80.10 concerning rule #7:

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
PhoneBoy
Admin
Admin
‎2018-02-03 11:18 AM
In response to Timothy_Hall

You might want to double-check that on R77.30, as at least from what I observed, it still did disable templates. Nice we fixed it on R80.10, though.
0 Kudos
Ewane_Junior
Participant
‎2018-02-05 08:08 AM
In response to PhoneBoy

Dameon, we had same issue and by disabling the policy, templating continued below and the performance was improved.

Service with a port number range policy was disabled.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top