AnsweredAssumed Answered

Installation speed and verification on installation

Question asked by Jun Liang Seow on Nov 16, 2017
Latest reply on Nov 20, 2017 by Dameon Welch-Abernathy



This is something I notice when I was doing installation on the firewall. As I would like to push changes more regularly, I embarked on doing various speed test and found the results for a policy of size 10000 rules and 15000 objects.


Policy Verification: 2 minutes

Policy Installation (single gateway): 4 minutes


I have been trying to find a way to reduce the overall time taken and after some searching, I realize a few things. 

1) Policy verification takes place in Policy installation.

2) Policy installation compiles and sends entire package to gateway instead of the delta changes



Just wondering if it is possible to reduce both timings. Also, if it is possible to do policy installation without verification if the management gateway detects that no new publishes happened after the last verification.


Also, just playing with the thought if the verification can be sped up by looking at delta changes and doing verifications only on those changes (this will likely speed verification process up a lot)