A firewall is a network security device that monitors incoming and outgoing traffic and permits or denies the data flowing through the network based on pre-defined rules. Symptoms of an overloaded firewall include low throughput, high CPU usage and slow applications. Before upgrading your hardware when you encounter these issues, it’s a good idea to first check whether your firewall configuration can be optimized.
Techniques for firewall optimization fall into two groups: general best practices, and model-specific or vendor-specific configurations. This article focuses on the general best practices for optimizing your firewall:
- Ensure that outbound traffic is compliant with policies: Clean up the network to remove bad traffic, meaning unauthorized, non-compliant or otherwise undesired traffic. Notify the server administrators about servers directly hitting the firewall with DNS, HTTP, SMTP and HTTPS requests; they should then configure the servers not to send this unauthorized traffic, which takes the load off the firewall.
- Filter unwanted traffic on the router rather than on the firewall: Some filtering rules exist only to drop unwanted incoming traffic. Move some of these rules from the firewall to the router to balance the workload: first identify the top requests being dropped by these rules, then move those rules up to the router. Also consider moving the filtering of common outgoing traffic to your choke routers. This frees up processing capacity on the firewall.
- Remove unused rules and objects: Regularly review the firewall configuration and identify rules that have not been matched for some time. Remove these rules from the configuration to keep the rule base manageable.
- Reduce complex rules: Do not write or configure very complex rules that eat up the firewall’s memory. Rules should also not overlap with each other.
- Handle broadcast traffic: Create a dedicated rule to handle broadcast traffic, and do not log it.
- Rule placement: Place the heavily used rules at the top of the rule base. This improves the firewall’s performance because the frequently used rules are matched sooner, which reduces the time the firewall spends evaluating each packet.
- Avoid DNS objects: Avoid objects that require DNS lookups on all traffic.
- Match settings between firewall, switch and router: Your firewall interface settings should match those of your switch and router interfaces. For example, if your switch or router is set to 100 Mbps half duplex, your firewall interface should be set the same way.
- Separate firewalls from VPN: Terminate VPNs on a separate device to offload VPN traffic and processing from the firewall.
- Offload features from the firewall: Features in the Unified Threat Management (UTM) category, such as antivirus, intrusion prevention, antispam and URL scanning, should be offloaded from the firewall.
- Upgrade to the latest version of the software: It goes without saying that the software you use should always be updated to its latest version so that any bug fixes are incorporated, which also contributes to the firewall’s optimization.
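The three rule-base points above (remove unused rules, avoid overlapping rules, place heavily used rules at the top) can be checked mechanically before touching the device. The following script is an added example, not part of the original article or any vendor tool: it runs on a constructed rule base with hit counters and reports zero-hit rules, rules shadowed by an earlier rule, and a hit-ordered layout that only moves a rule above rules it does not overlap with, so the first-match decision for every packet stays unchanged.

```python
from collections import namedtuple
from ipaddress import ip_network as net

# Fields: name, source CIDR, destination CIDR, proto ("tcp"/"udp"/"any"),
# destination port (None = any), action ("allow"/"deny"), hit counter from the device.
Rule = namedtuple("Rule", "name src dst proto port action hits")

def covers(a, b):
    """True when every packet matched by b is also matched by a."""
    return (net(b.src).subnet_of(net(a.src)) and net(b.dst).subnet_of(net(a.dst))
            and a.proto in ("any", b.proto) and a.port in (None, b.port))

def overlaps(a, b):
    """True when at least one packet could match both a and b."""
    return (net(a.src).overlaps(net(b.src)) and net(a.dst).overlaps(net(b.dst))
            and ("any" in (a.proto, b.proto) or a.proto == b.proto)
            and (None in (a.port, b.port) or a.port == b.port))

def unused(rules):
    """Names of rules with a zero hit counter: removal candidates."""
    return [r.name for r in rules if r.hits == 0]

def shadowed(rules):
    """(rule, earlier rule) pairs where the earlier rule matches everything the later one would."""
    return [(r.name, e.name) for i, r in enumerate(rules) for e in rules[:i] if covers(e, r)]

def reorder_by_hits(rules):
    """Bubble busy rules upward, but only past rules they do not overlap with,
    so the first-match decision for every packet stays exactly the same."""
    order = list(rules)
    changed = True
    while changed:
        changed = False
        for i in range(1, len(order)):
            prev, cur = order[i - 1], order[i]
            if cur.hits > prev.hits and not overlaps(prev, cur):
                order[i - 1], order[i] = cur, prev
                changed = True
    return [r.name for r in order]

# Constructed sample rule base (not from a real device); evaluated top-down, first match wins.
RULES = [
    Rule("allow-dns-to-resolver", "10.0.0.0/8", "10.1.1.53/32", "udp", 53, "allow", 120_000),
    Rule("deny-legacy-telnet", "10.0.0.0/8", "0.0.0.0/0", "tcp", 23, "deny", 0),
    Rule("allow-web-out", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443, "allow", 980_000),
    Rule("allow-web-out-dup", "10.20.0.0/16", "0.0.0.0/0", "tcp", 443, "allow", 0),
    Rule("deny-all", "0.0.0.0/0", "0.0.0.0/0", "any", None, "deny", 50_000),
]

if __name__ == "__main__":
    print(unused(RULES), shadowed(RULES), reorder_by_hits(RULES))
```

Note that the catch-all deny rule stays last even though it has more hits than the rules above it, because it overlaps every other rule and moving it up would change what gets blocked.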
Firewalls come in many types, including Sophos, SonicWall and Fortinet firewalls, among others. The best practices above can come in handy for optimizing the performance of your firewall, and following them benefits your system’s overall performance. Often, the performance lag or slowness you experience is caused by firewall issues, and rechecking the configuration can solve the problem without spending money on replacing hardware or software. So the next time you face performance issues, do consider working through the checklist above.