Hello,
I have a question regarding the order of the rules in a firewall.
The question is whether the order of the rules affects the firewall performance.
All I could find in the community were old discussions, which claimed that placing the most used rules first will improve performance, since the firewall tries to match the rules sequentially.
Cisco also had a product called ACL manager that used to do that, but discontinued the project.
So the question is, are these assumptions still true? I'd expect newer firewalls to be able to compile the rules into a more effective data structure, which would reduce, if not completely cancel, the effects that rule ordering has on performance. Specifically, I would like to know about ASA, PIX and FWSM firewalls.
Can anyone tell if this is the case or not?
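As an added illustration of the two evaluation models the question contrasts (this is constructed example code, not Cisco's implementation and not from the original post), the toy ACL evaluator below walks a rule list first-match, counts how many rules it had to examine, and shows why "hot rules first" helps only a linear evaluator. It also includes the check an administrator wants before reordering anything: two overlapping rules with different actions cannot be swapped without changing the verdict. The flow cache at the end is a hypothetical, order-independent fast path, included only to show why a compiled or cached lookup makes ordering irrelevant to steady-state performance; it makes no claim about how ASA, PIX or FWSM actually work. The rule set and packets are constructed sample data.

```python
"""Toy first-match ACL model (constructed example, not vendor code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.IPv4Network(cidr)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and pkt.src in rule.src
            and pkt.dst in rule.dst
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate_sequential(rules, pkt):
    """Linear first-match walk. Returns (action, rules_examined)."""
    for examined, rule in enumerate(rules, start=1):
        if rule_matches(rule, pkt):
            return rule.action, examined
    return "deny", len(rules)        # implicit deny at the end of the list


def rules_overlap(a: Rule, b: Rule) -> bool:
    """True if some packet could match both rules."""
    protos = a.proto == "any" or b.proto == "any" or a.proto == b.proto
    ports = a.dport is None or b.dport is None or a.dport == b.dport
    return protos and ports and a.src.overlaps(b.src) and a.dst.overlaps(b.dst)


def reorder_conflicts(rules):
    """Index pairs (i, j) whose relative order changes the verdict:
    overlapping rules with different actions. Only pairs not listed
    here may be swapped safely when optimising for hit rate."""
    return [(i, j)
            for i in range(len(rules))
            for j in range(i + 1, len(rules))
            if rules[i].action != rules[j].action
            and rules_overlap(rules[i], rules[j])]


def move_to_front(rules, index):
    """Return a copy of the list with rules[index] placed first."""
    return [rules[index]] + [r for k, r in enumerate(rules) if k != index]


class FlowCache:
    """Hypothetical order-independent fast path: the first packet of a
    flow pays the linear walk, every later packet of that flow is an
    O(1) dictionary hit regardless of where its rule sits in the list."""

    def __init__(self, rules):
        self.rules = rules
        self.cache = {}
        self.slow_path_hits = 0

    def lookup(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.dst, pkt.dport)
        if key not in self.cache:
            self.slow_path_hits += 1
            self.cache[key] = evaluate_sequential(self.rules, pkt)[0]
        return self.cache[key]


# Constructed sample rule set (sample data, not a real policy).
RULES = [
    Rule("permit", "tcp", net("0.0.0.0/0"),      net("10.0.0.0/8"),    443),
    Rule("deny",   "tcp", net("192.168.1.0/24"), net("10.0.0.0/8"),    None),
    Rule("permit", "udp", net("0.0.0.0/0"),      net("10.0.0.53/32"),  53),
    Rule("permit", "tcp", net("192.168.0.0/16"), net("10.0.0.0/8"),    22),
]

# Constructed sample packets.
PKT_SSH = Packet("tcp", ipaddress.IPv4Address("192.168.5.9"),
                 ipaddress.IPv4Address("10.1.1.1"), 22)      # hits rule 4
PKT_WEB = Packet("tcp", ipaddress.IPv4Address("192.168.1.7"),
                 ipaddress.IPv4Address("10.2.2.2"), 443)     # rules 1 and 2 overlap

if __name__ == "__main__":
    print("ssh, original order:", evaluate_sequential(RULES, PKT_SSH))
    print("ssh, hot rule first:", evaluate_sequential(move_to_front(RULES, 3), PKT_SSH))
    print("web, original order:", evaluate_sequential(RULES, PKT_WEB))
    print("web, deny moved up: ", evaluate_sequential(move_to_front(RULES, 1), PKT_WEB))
    print("pairs that must keep their order:", reorder_conflicts(RULES))
```

Running it shows the SSH packet needs four comparisons in the original order and one once its rule is moved to the front, which is the old "most used rules first" advice for a linear evaluator. Moving the deny rule above the permit-443 rule, however, flips the verdict for the overlapping web packet from permit to deny, which is exactly what `reorder_conflicts` flags. With the flow cache, only the first packet of each flow touches the rule list at all, so rule order stops mattering to throughput once flows are established, whatever the platform actually does internally.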