Performance Tweaks
Once your rulebase is complete, review it to see if you can improve
performance. Security is priority number one, but if you can improve
performance while maintaining security and simplicity, go for it.
The idea is to place the most commonly used rules first, so the
firewall has fewer rules to parse before it reaches them. For many
organizations this will have little impact. However, for organizations
with large rulebases, or where the majority of their traffic is a single
service (such as a webserver farm), it can help. For our organization,
we will say that our webserver receives the most traffic, so we move
that rule as high as possible. Notice how I did NOT place it before the
Firewall Lockdown rule; this is on purpose. Remember, security before
performance. I never place anything before the Firewall Lockdown rule
unless absolutely necessary. Also, notice how the rules are grouped
together logically: first come the "Firewall" rules, followed by the
"DMZ" rules, followed by the "Internal" rules. Logically grouping rules
helps you keep track of what is going on. Remember, keep it simple.
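As an added example (not part of the original article), here is a small Python check for the "move it as high as possible" step: in a first-match rulebase a rule may only rise until it would overtake a pinned security rule such as Firewall Lockdown, or a rule with a different action that could match the same packets (passing that rule would silently change the policy). The rule names, network objects and the "any" matching are constructed simplifications.

```python
from dataclasses import dataclass
ANY = "any"  # constructed simplification: objects are opaque names, "any" matches all

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str           # "accept" or "drop"
    pinned: bool = False  # security rule that stays put (Firewall Lockdown, Cleanup)

def may_match_same_packet(r1: Rule, r2: Rule) -> bool:
    """True if some packet could hit both rules (per field: equal or 'any')."""
    return all(a == b or ANY in (a, b) for a, b in
               ((r1.src, r2.src), (r1.dst, r2.dst), (r1.service, r2.service)))

def highest_safe_position(rules: list[Rule], name: str) -> int:
    """Highest index the named rule can take without changing any first-match
    decision: it may not pass a pinned rule, nor a rule with a different action
    that could match the same packet (that rule would be shadowed)."""
    pos = next(i for i, r in enumerate(rules) if r.name == name)
    rule = rules[pos]
    while pos > 0:
        above = rules[pos - 1]
        if above.pinned or (above.action != rule.action
                            and may_match_same_packet(above, rule)):
            break
        pos -= 1
    return pos

def move_up(rules: list[Rule], name: str) -> list[Rule]:
    """Copy of the rulebase with the named rule moved as high as is safe."""
    idx = next(i for i, r in enumerate(rules) if r.name == name)
    moved = rules[:idx] + rules[idx + 1:]
    moved.insert(highest_safe_position(rules, name), rules[idx])
    return moved

# Constructed rulebase in the article's order: firewall rules, DMZ, internal, cleanup.
RULES = [
    Rule("Admin", "admin_host", "firewall", "ssh", "accept", pinned=True),  # the one necessary exception above lockdown
    Rule("Firewall Lockdown", ANY, "firewall", ANY, "drop", pinned=True),
    Rule("Block bad host", "bad_host", "web_server", "http", "drop"),
    Rule("DMZ DNS", ANY, "dns_server", "dns", "accept"),
    Rule("DMZ Mail", ANY, "mail_server", "smtp", "accept"),
    Rule("Internal out", "internal", ANY, ANY, "accept"),
    Rule("Web", ANY, "web_server", "http", "accept"),
    Rule("Cleanup", ANY, ANY, ANY, "drop", pinned=True),
]
REORDERED = move_up(RULES, "Web")  # Web rises to index 3, just below "Block bad host", never past the lockdown
```

Run the check again after every manual move; a rule that cannot rise past a drop rule it overlaps is telling you the two must stay in that order.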