How to configure a firewall for the best performance?


Firewalls confuse many users: they can do a great deal, but most of us never learn how to configure them well. Is your firewall overloaded? The symptoms are high CPU usage on the firewall, slow data transfer through it, and applications that feel sluggish. Before you buy bigger hardware, it is worth looking at the firewall configuration to see whether it can be optimized. The suggestions below aim to get the best performance out of the firewall and to improve throughput.

This optimization advice falls into two parts: a general best-practice configuration and vendor-specific tuning. This article covers the general part.

Method 1: Make sure outbound traffic conforms to the policy

Clear out bad traffic and clean up the network. Bad traffic is traffic that is unauthorized or unwanted, that is, inconsistent with the security policy. If an internal server keeps sending requests that the policy denies outbound (DNS, NTP, SMTP, HTTP, HTTPS and so on), the firewall spends CPU evaluating and dropping every one of them. Notify the server's administrator, who should reconfigure the server so that it stops generating the unwanted external traffic rather than leaving the firewall to absorb it.
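The check behind Method 1 is a log review: which internal hosts keep producing outbound traffic the firewall denies, and for which service? The script below is an added example, not code from the original article; it parses a constructed, vendor-neutral key=value log format (real firewalls log differently, so the regular expression would need adapting) and reports hosts whose denied-outbound count for a watched service reaches an assumed threshold, which is the list of administrators to notify.

```python
"""Find internal hosts that keep generating outbound traffic the firewall denies.

Added example for Method 1, not from the original article. The log format is a
constructed key=value format; adapt LINE_RE for a real vendor's log lines.
"""
import re
from collections import Counter, defaultdict

# Services the article names as commonly denied outbound; (proto, port) -> name.
WATCHED_SERVICES = {
    ("udp", 53): "DNS",
    ("tcp", 53): "DNS",
    ("udp", 123): "NTP",
    ("tcp", 25): "SMTP",
    ("tcp", 80): "HTTP",
    ("tcp", 443): "HTTPS",
}

# Constructed sample log lines (not real firewall output).
SAMPLE_LOG = """\
2024-03-10T10:00:01 action=DENY dir=out src=10.1.2.5 dst=8.8.8.8 proto=udp dport=53
2024-03-10T10:00:01 action=DENY dir=out src=10.1.2.5 dst=8.8.4.4 proto=udp dport=53
2024-03-10T10:00:02 action=DENY dir=out src=10.1.2.5 dst=8.8.8.8 proto=udp dport=53
2024-03-10T10:00:02 action=ALLOW dir=out src=10.1.2.9 dst=203.0.113.7 proto=tcp dport=443
2024-03-10T10:00:03 action=DENY dir=out src=10.1.2.5 dst=8.8.8.8 proto=udp dport=53
2024-03-10T10:00:03 action=DENY dir=out src=10.1.3.20 dst=198.51.100.10 proto=tcp dport=25
2024-03-10T10:00:04 action=DENY dir=in src=198.51.100.99 dst=10.1.2.5 proto=tcp dport=22
2024-03-10T10:00:05 action=DENY dir=out src=10.1.3.20 dst=198.51.100.10 proto=tcp dport=25
2024-03-10T10:00:06 action=DENY dir=out src=10.1.2.5 dst=192.0.2.50 proto=udp dport=123
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+) dir=(?P<dir>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def denied_outbound_by_host(text):
    """Count denied outbound hits per (source host, watched service)."""
    counts = Counter()
    for rec in parse_log(text):
        if rec["action"] != "DENY" or rec["dir"] != "out":
            continue  # inbound denies and allowed flows are not this method's concern
        svc = WATCHED_SERVICES.get((rec["proto"], rec["dport"]))
        if svc is None:
            continue  # denied, but not one of the services we report on
        counts[(rec["src"], svc)] += 1
    return counts


def hosts_to_notify(text, threshold=3):
    """Return {host: {service: count}} for hosts at or above the threshold.

    The threshold is an assumed operational knob: one stray packet is noise,
    a steady stream means the server is misconfigured and keeps retrying.
    """
    report = defaultdict(dict)
    for (host, svc), n in denied_outbound_by_host(text).items():
        if n >= threshold:
            report[host][svc] = n
    return dict(report)


if __name__ == "__main__":
    for host, svcs in sorted(hosts_to_notify(SAMPLE_LOG).items()):
        detail = ", ".join(f"{s} x{n}" for s, n in sorted(svcs.items()))
        print(f"notify the admin of {host}: denied outbound {detail}")
```

Run it against a day of deny logs rather than the sample: a host that shows up every day for the same service is exactly the misconfigured server the method describes, and fixing it removes load the firewall was never meant to carry.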

Method 2: Filter unwanted traffic on routers instead of the firewall

Move the rules that drop obviously unwanted traffic to the edge router, which balances performance against the security policy: the firewall's CPU and memory are then spent only on traffic that actually needs inspection. First, put a standard ACL on the ingress interface of the edge router to filter junk at the top of the path. Writing it takes some time, but it is an effective way to keep floods from ever reaching the firewall, and it saves the firewall's CPU and memory. Keep the router ACL simple and stateless; anything that needs connection state stays on the firewall.

Then, if there is a screening router between your internal network and the firewall, consider offloading routine filtering of ordinary traffic to that router as well. This frees up still more firewall capacity.

Method 3: Remove rules and objects you don't need

Delete rules and objects that are no longer needed from the rule base. Cleaning up a rule base that has grown out of control sounds daunting, but there are many automated tools that help, and they make firewall policy management much easier. A practical first cut is to export the per-rule hit counters and review every rule that has not matched anything over a full business cycle, since a rule that never fires is either dead or waiting for a rare event, and either way someone should decide which.

Method 4: Reduce the complexity of the rule base

Simplify the rule base and avoid duplicated rules as far as possible: a rule that is completely covered by an earlier rule can never match and only costs evaluation time, and if the two take different actions the later one is actively misleading. Again, there are tools that greatly reduce the time and effort needed to clean up and simplify the rule base.

Method 5: Control traffic from directly connected LAN segments

If a firewall interface is directly connected to a LAN segment, create a rule that drops the chatty local traffic that should never cross the firewall (BOOTP/DHCP, NetBIOS over TCP/IP and the like), so the firewall does not have to evaluate it against the whole rule base.

Method 6: Put the most frequently used rules at the top of the rule base

List the most frequently matched rules first, so that the common case is decided after evaluating as few rules as possible. Keep the order semantically identical while doing so: a rule may only move ahead of rules it cannot conflict with, otherwise first-match evaluation changes what the firewall permits. Note that some firewalls (e.g. Cisco PIX and ASA 7.0 and above, FWSM 4.0, and some Juniper Networks platforms) do not depend on rule order for performance, because they compile the rule base into an optimized structure for packet matching; on those, reordering buys nothing.
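Methods 3, 4 and 6 are all questions you can ask of the rule base itself, given the rule fields and the per-rule hit counters most firewalls can export. The script below is an added example, not the article's or any vendor's tool: it works on a constructed, vendor-neutral rule format (source, destination, protocol, destination port, action, hits) and a made-up sample rule base. It lists zero-hit rules (Method 3), finds rules that an earlier rule fully covers and labels them redundant or shadowed depending on whether the actions agree (Method 4), and moves hot rules forward only through adjacent swaps that provably cannot change first-match results (Method 6), with a first-match evaluator to confirm that.

```python
"""Rule-base hygiene checks for Methods 3, 4 and 6.

Added example; not the article's or any firewall vendor's tool. The rule format
and the sample rule base below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    proto: str     # "tcp", "udp" or "any"
    dport: object  # int or "any"
    action: str    # "allow" or "deny"
    hits: int      # matches since the counters were last cleared


def _net_covers(a, b):
    """Address field a matches every address that field b matches."""
    if a == ANY:
        return True
    if b == ANY:
        return False
    return ip_network(b).subnet_of(ip_network(a))


def _net_overlaps(a, b):
    return ANY in (a, b) or ip_network(a).overlaps(ip_network(b))


def _val_covers(a, b):
    return a == ANY or a == b


def _val_overlaps(a, b):
    return ANY in (a, b) or a == b


def covers(a, b):
    """Rule a matches every packet rule b matches, so b placed after a never fires."""
    return (_net_covers(a.src, b.src) and _net_covers(a.dst, b.dst)
            and _val_covers(a.proto, b.proto) and _val_covers(a.dport, b.dport))


def overlaps(a, b):
    """Some packet could match both rules."""
    return (_net_overlaps(a.src, b.src) and _net_overlaps(a.dst, b.dst)
            and _val_overlaps(a.proto, b.proto) and _val_overlaps(a.dport, b.dport))


def unused_rules(rules):
    """Method 3: zero-hit rules are removal candidates (check the counter window first)."""
    return [r.name for r in rules if r.hits == 0]


def shadowed_rules(rules):
    """Method 4: (later, earlier, kind) for each rule an earlier rule fully covers.
    Same action means redundant; a different action means shadowed and misleading."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                found.append((later.name, earlier.name, kind))
                break
    return found


def reorder_by_hits(rules):
    """Method 6: insertion sort by hits, swapping adjacent rules only when no packet
    matches both or both take the same action, so first-match results never change.
    Assumes the action is the rule's whole effect (per-rule logging or NAT would
    make even same-action swaps observable)."""
    ordered = list(rules)
    for i in range(1, len(ordered)):
        j = i
        while j > 0 and ordered[j].hits > ordered[j - 1].hits and (
            not overlaps(ordered[j], ordered[j - 1])
            or ordered[j].action == ordered[j - 1].action
        ):
            ordered[j], ordered[j - 1] = ordered[j - 1], ordered[j]
            j -= 1
    return ordered


def first_match(rules, src, dst, proto, dport):
    """First-match evaluation of one packet; returns the action or None."""
    for r in rules:
        if ((r.src == ANY or ip_address(src) in ip_network(r.src))
                and (r.dst == ANY or ip_address(dst) in ip_network(r.dst))
                and _val_covers(r.proto, proto) and _val_covers(r.dport, dport)):
            return r.action
    return None


# Constructed sample rule base; the hit counts are made up.
RULES = [
    Rule("r1", "10.0.0.0/8", ANY, "tcp", 22, "allow", 120),
    Rule("r2", ANY, ANY, "tcp", 443, "allow", 9000),
    Rule("r3", "10.1.0.0/16", ANY, "tcp", 22, "allow", 0),     # inside r1: redundant
    Rule("r4", ANY, "192.0.2.10/32", "tcp", 25, "deny", 40),
    Rule("r5", ANY, "192.0.2.0/24", "tcp", 25, "allow", 300),
    Rule("r6", ANY, ANY, "udp", 53, "allow", 7000),
    Rule("r7", "172.16.0.0/12", ANY, ANY, ANY, "deny", 0),
    Rule("r8", ANY, "192.0.2.10/32", "tcp", 25, "allow", 0),   # r4 denies first: dead
    Rule("r9", ANY, ANY, ANY, ANY, "deny", 50000),             # cleanup rule
]

if __name__ == "__main__":
    print("unused:  ", unused_rules(RULES))
    print("shadowed:", shadowed_rules(RULES))
    print("order:   ", [r.name for r in reorder_by_hits(RULES)])
```

Two things the sample shows that a plain sort by hits would get wrong: the cleanup deny r9 has the most hits of all but overlaps every rule above it, so it stays last, and r5 cannot jump ahead of r4 because both match mail to 192.0.2.10 with opposite actions. Everything else that is hot (r2, r6) moves to the top.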

Method 7: Avoid DNS objects

Avoid objects that require DNS lookups, that is, rules written against hostnames rather than addresses. Resolving the name at match time adds latency to every evaluation and makes the policy depend on the availability and integrity of DNS. Use address objects instead and update them through your normal change process.

Copyright © Windows knowledge All Rights Reserved