Firewall Rule Order - To optimize or not to optimize

I'm an administrator for a shipboard TMG 2010 server which acts as a proxy for client workstations to interact with a shipboard router (to access external addresses). Our afloat LAN requires satellite communication, so slow connections are normal and the current rule set is a bit of a mess in the organization department. Here is a synopsis of the setup:

  • 58 Total rules
  • ~1200 assets on our network
  • Most traffic leaves the firewall on rules 33-36
  • Server/Application specific rules are at the top of the list
  • Low priority users towards the bottom half

The question is: is it worth reshuffling the high-traffic rules higher up over our server-specific rules, or is it best left as is?

In other words, will reordering the rules have a noticeable effect?

Thanks in advance for any assistance.

June 12th, 2015 4:01am

All client workstations are required to use TMG as a proxy for external connections, so I'm assuming it's a relatively safe assumption it will make traffic flow a bit faster, correct? Are there any estimates of how much faster it can process requests? I'm trying to get an idea of how much of an effect this will have without performing the change, as justification is required to make significant modifications to firewall configuration.

Thanks,

James

June 14th, 2015 12:43am

I don't know the exact figures, but the performance impact/improvement is minimal.
June 14th, 2015 2:05am
