Hi.
This is a tricky question.
What would be the best option to reduce resource usage(CPU usage, throughput) on Checkpoint gateways, while grouping rules? Let me show you an example of a rule where multiple servers consume web APIs/data.
- 1 rule with all hosts listed as source(thats how he have this rule today inside a Layer - Rule 21.3)
- 1 rule, all hosts inside a group object, that object as source of the rule
- 1 rule per source. This makes sense since those hosts access the internet at different rates/bandwidth so, hit count is not equal/balanced among them, but does not make sense if we think top-down rule precedence overhead
What is the best option here?