Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kishorilal_CJ
Participant

Performance Issue Due to Disabled Rule

Hello

Will it be any performance issue due to the existence of disabled rules in the firewall policy table , where those disabled rules are placed scatter within top/down   

0 Kudos
5 Replies
Gaurav_Pandya
Advisor

Hi,

I don't think it will be performance issue as if you disable the rule, firewall will not check it. For more information refer below SK.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

PhoneBoy
Admin
Admin

It won't hurt performance, but it won't necessarily improve it, either.

For example, if you disable a rule that disables SecureXL templates, rules below that rule will still not benefit from SecureXL templates. 

Timothy_Hall
Champion
Champion

Disabled rules are not actually included in the firewall's compiled policy that it receives, you can verify this by looking in the $FWDIR/state/__tmp/local.set file on the firewall.  At a minimum there is a placeholder for all rules in that file (including the disabled ones) specifying their UID but that is it. 

Dameon disabling a rule that is halting SecureXL templating actually will permit templating to continue, please see the screenshots below from R80.10 concerning rule #7:

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
PhoneBoy
Admin
Admin

You might want to double-check that on R77.30, as at least from what I observed, it still did disable templates. Nice we fixed it on R80.10, though.
0 Kudos
Ewane_Junior
Participant

Dameon, we had same issue and by disabling the policy, templating continued below and the performance was improved.

Service with a port number range policy was disabled.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events