Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
George_Ellis
Advisor

Global Objects load into gateway memory?

This appears to be confusion among some folks.  In the MDM environment, while using global objects, some folks think that the global objects (all of them) load into memory on the gateway with the policy.  I have asked before and the answer I got was that objects are conveyed to the endpoint, but are not in the compiled policy unless they are used in the policy.

Someone is thinking that we should abandon global objects to save memory in some of the domain firewall policies that load into the gateway policy in memory.  That does not make much sense.  Anyone know differently?

5 Replies
Richard_Quick
Contributor

Never really thought about it but i can't see where the savings would be that great even if it was in memory.  If the device is really teetering that close then it's time for new hardware. 🙂

0 Kudos
George_Ellis
Advisor

It's not like we are running Crossbeams 😉

0 Kudos
PhoneBoy
Admin
Admin

The gateways work with a compiled policy.
Whether the objects are global or.local shouldn't change that.
0 Kudos
George_Ellis
Advisor

Exactly. Compiled with the objects that are in the policy. There are folks out there that are confused that if you use global objects in the MDM, they are all in the running policy. The only gotcha I know of with globals is using global ports. Tested in 80.10, the compiler was not seeing shadowing when using local and global port definitions.

When you have 12 domains, and 4 are data centers for HA, using globals allows create once, use everywhere.
0 Kudos
PhoneBoy
Admin
Admin

While there may be no issues with this on the gateway side, I can see how there might be issues on the management side of things with the policy verification and compilation if there's a large number of global objects in a large enterprise policy.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events