The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.
1. Users are complaining that the firewall is slow. How do I know if I need a bigger, better, faster box?
2. If I block a connection, how long will it last?
3. How is NG AI different from previous versions with respect to performance?
4. Why don't I see any security server processes running?
5. How do I know when my Rule Base is too complex?
6. How do I get these command-line options to run?
Answers
1. After making sure that the firewall is appropriately tuned and has a good Rule Base, the best way to determine your need for new hardware is to monitor the CPU, memory, and I/O of the firewall.
2. Blocked connections will persist based on what was specified when the blocking action was performed.
3. Performance is one of the big improvements in NG AI. One of the new performance enhancements is the consolidation of the state tables into one, which speeds up the processing of packets. The overhead of SmartDefense is negligible unless you are invoking the use of security servers.
4. This is because they haven't been manually invoked in fwauthd.conf or by a rule that requires authentication or content checking.
5. That is a difficult question. What is complex in one environment may be very appropriate in another. It appears that a medium-sized organization should have around 20 rules. The fewer rules the better, but get the job done first.
6. You must run them from $FWDIR\bin. Alternatively, you can add $FWDIR\bin to your path statement. To add $FWDIR/bin to your path statement, perform the following steps:
   In UNIX:
   In Windows NT and Windows 2000:
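As an added example for the UNIX case in answer 6 (not the book's own steps), the helper below prepends $FWDIR/bin to PATH exactly once, refusing when FWDIR is unset or the directory does not exist, so a stale or mistyped FWDIR never lands in PATH. It assumes FWDIR is already exported by the firewall's environment; the function names fw_path_add and fw_path_count are hypothetical.

```sh
#!/bin/sh
# Added example: put $FWDIR/bin on PATH safely (idempotent, checked).
# Assumes FWDIR is exported by the Check Point environment; not set here.

fw_path_add() {
    # Refuse to touch PATH when FWDIR is unset or points nowhere useful.
    if [ -z "${FWDIR:-}" ]; then
        echo "fw_path_add: FWDIR is not set" >&2
        return 1
    fi
    if [ ! -d "$FWDIR/bin" ]; then
        echo "fw_path_add: $FWDIR/bin does not exist" >&2
        return 1
    fi
    # Already present as a whole PATH element? Then leave PATH alone.
    case ":$PATH:" in
        *":$FWDIR/bin:"*) return 0 ;;
    esac
    PATH="$FWDIR/bin:$PATH"
    export PATH
    return 0
}

# Report how many PATH elements equal $FWDIR/bin (expected: 0 or 1).
fw_path_count() {
    oldifs=$IFS
    IFS=:
    n=0
    for d in $PATH; do
        [ "$d" = "$FWDIR/bin" ] && n=$((n + 1))
    done
    IFS=$oldifs
    echo "$n"
}
```

Source the file from your shell profile, then call fw_path_add; running it twice does not duplicate the entry.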