Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Not applicable
Jump to solution

How will layers impact policy performance?

If a rule does not match a parent rule, will the gateway still go over the child rules in the layer?

I might be using wrong teminology, so ill explain using an example:

Source                                   Destination                                   Action

1. management_net               CP_Hosts                                    Mgmt_layer

     1.1 robert's pc                   HQ_XL                                        accept

     1.2 steven's pc                 R80_CMA                                    accept

     1.3 IT_Net                         R80_CMA                                    accept

     1.4 any                              any                                               deny

2.DC_Net                              DC_Net                                        DC_internal_layer

     2.2 SAP_Net                    SAP_Net                                      accept

     2.3 any                              any                                               deny

Lets say a packet that fits the layer in rule number 2 arrives at the gateway, will it still go over 1.1 & 1.2 & 1.3 and so on, or will it just skip the entire layer if it does not match the parent rule?

If it does skip the layer if it does not match the parent rule, how much of an imporvement in performance can we expect to see?

Thank you.

1 Solution

Accepted Solutions
Limor_Ganon
Employee Alumnus
Employee Alumnus

Hi,

In your example, a packet that supposed to match rule #2 will be evaluated against rule #1, won't be evaluated against 1.1-1.4 and then will be evaluated (and matched) to rule #2.

Regarding performance improvement - the question is compare to what?

If you mean that in the past all rules were evaluated and now only the parent rules, so the answer will be that it really depends on the rules in the inline layer and what's their performance impact...

Hope this answers your question.

View solution in original post

0 Kudos
2 Replies
Eyal_Rashelbach
Employee
Employee

Please refer to the comprehensive layers review  in the following thread:
Layers in R80

I hope it will cover all your needs

0 Kudos
Limor_Ganon
Employee Alumnus
Employee Alumnus

Hi,

In your example, a packet that supposed to match rule #2 will be evaluated against rule #1, won't be evaluated against 1.1-1.4 and then will be evaluated (and matched) to rule #2.

Regarding performance improvement - the question is compare to what?

If you mean that in the past all rules were evaluated and now only the parent rules, so the answer will be that it really depends on the rules in the inline layer and what's their performance impact...

Hope this answers your question.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events