I've attempted to hunt around for this with little success, so I figured I
would come out and ask. With an eye to optimization (i.e. faster traversal of
comparison of a new SYN packet to rulebase), when a rulebase is compiled in
what order are the components matched? IOW, is the packet first scanned against,
say, the services of each rule, then service matches compared to the dest, then
the serv and dest matches compared to the src? Or some other order?

For example, given hostA and hostB access to serverA and serverB on port1 and
port2, which option of rule config below will end up more optimized once
compiled?
---
hostA & hostB -> serverA & serverB : port1 & port2
---
hostA & hostB -> serverA & serverB : port1
hostA & hostB -> serverA & serverB : port2
---
hostA & hostB -> serverA : port1 & port2
hostA & hostB -> serverB : port1 & port2
---
and so on.