cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Global Objects load into gateway memory?

This appears to be confusion among some folks.  In the MDM environment, while using global objects, some folks think that the global objects (all of them) load into memory on the gateway with the policy.  I have asked before and the answer I got was that objects are conveyed to the endpoint, but are not in the compiled policy unless they are used in the policy.

Someone is thinking that we should abandon global objects to save memory in some of the domain firewall policies that load into the gateway policy in memory.  That does not make much sense.  Anyone know differently?

5 Replies

Re: Global Objects load into gateway memory?

Never really thought about it but i can't see where the savings would be that great even if it was in memory.  If the device is really teetering that close then it's time for new hardware. 🙂

0 Kudos

Re: Global Objects load into gateway memory?

It's not like we are running Crossbeams 😉

0 Kudos
Admin
Admin

Re: Global Objects load into gateway memory?

The gateways work with a compiled policy.
Whether the objects are global or.local shouldn't change that.
0 Kudos
Highlighted

Re: Global Objects load into gateway memory?

Exactly. Compiled with the objects that are in the policy. There are folks out there that are confused that if you use global objects in the MDM, they are all in the running policy. The only gotcha I know of with globals is using global ports. Tested in 80.10, the compiler was not seeing shadowing when using local and global port definitions.

When you have 12 domains, and 4 are data centers for HA, using globals allows create once, use everywhere.
0 Kudos
Admin
Admin

Re: Global Objects load into gateway memory?

While there may be no issues with this on the gateway side, I can see how there might be issues on the management side of things with the policy verification and compilation if there's a large number of global objects in a large enterprise policy.
0 Kudos