Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nikhil_Patil
Participant

Firewall state table optimization

How can we achieve below requirement in Checkpoint firewall.

 

 

1

State Table
1.1 The solution should be a stateful firewall and must allow granular control of the state table
1.2 On a per-rule basis:
a. Limit simultaneous client connections
b. Limit states per host
c. Limit new connections per second
d. Define state timeout
e. Define state type
1.3 State types - the solution shall offer multiple options for state handling:
 a. Keep state - Works with all protocols. Default for all rules.
b. Sloppy state – shall work with all protocols. Less strict state tracking to support asymmetric routing.
c. Synproxy state - Proxies incoming TCP connections to protect servers from spoofed TCP SYN floods. Must include the option to keep state and modulate state combined.
1.4 State table optimization options – at minimum table optimization shall have the options to:
a. Normal - the default algorithm
b. High latency - Useful for high latency links, such as satellite connections. Expires idle connections later than normal.
c. Aggressive - Expires idle connections more quickly. More efficient use of hardware resources, but can drop legitimate connections.
d. Conservative - Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization
0 Replies

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events