
No Subject




Why should increasing memory have an effect on performance? If we increase the
kernel memory from say 4MB to 32MB which any increase in load in terms of
packets and connections, what effect will it have on performance? We had to
increase kernel memory to accommodate NAT tables, so I will be curious to
know how the performance is affected.


    Kirtikumar Satam
    Technical Advisor/Information Security

----- Original Message -----
From: Dameon D. Welch <dwelch@hotmail.com>
To: Chris F <freaknetboy@yahoo.com>; Firewall One List
<fw-1-mailinglist@lists.us.checkpoint.com>; frank darden
<fdarden@locked.com>
Sent: Thursday, April 22, 1999 12:45 AM
Subject: Re: [FW1] More Memory for FW1 Kernel


>
> > Please be aware that adjusting kernel memory can have an adverse effect on
> > performance. I recommend increasing it ONLY when necessary, and in very
> > small allocations. You really want your kernel memory used by FW to be as
> > small as possible. Just because you have 256MB memory does not mean that
> > you should bump the kernel memory up.
>
> The kernel memory FireWall-1 uses (as defined by the fwhmem parameter) is
> only used to store the various tables used in the enforcement of your
> security policy. This memory is hard-wired (i.e. it can not be swapped out),
> so it is very important the size is chosen correctly so as to not deprive
> your box of memory unnecessarily. Over time, I have concluded that when a
> change in fwhmem is needed, 5 megabytes is a good place to start. This will
> be an adequate amount for the vast majority of environments I work with. More
> connections may also require more fwhmem, but will require other changes in
> order to be effective (i.e. increasing the connections and NAT tables).
>
> > fw ctl pstat (as described in this
> > thread) will show you whether or not you need to bump up the kernel memory.
> > Phoneboy has a description of the output of the ctl pstat command on his site.
>
> Actually, I don't. But that's easy to fix. ;-)
>
> -- PhoneBoy
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
>


