Performance Tweaks
Once your rulebase is complete, review it to see whether you can improve performance. Security is priority number one, but if you can improve performance while maintaining security and simplicity, go for it. The idea is to place the most commonly used rules first: the firewall then has fewer rules to parse before it reaches the rules that match most of its traffic. For many organizations this will have little impact. However, for organizations with large rulebases, or where the majority of the traffic is a single service (such as a webserver farm), it can help. For our organization, we will say that our webserver receives the most traffic, so we move that rule as high as possible. Notice that I did NOT place it before the Firewall Lockdown rule; this is on purpose. Remember, security before performance. I never place anything before the Firewall Lockdown rule unless absolutely necessary. Also notice how the rules are grouped together logically: first come the "Firewall" rules, followed by the "DMZ" rules, followed by the "Internal" rules. Logically grouping rules helps you keep track of what is going on. Remember, keep it simple.
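The reordering described above can be checked rather than eyeballed. The following is an added example, not part of the original article or of any firewall vendor's tooling: it simulates a first-match rulebase over a constructed traffic sample, promotes frequently hit rules toward the top, never moves anything above the pinned Firewall Lockdown rule, and only lets a rule pass a neighbour when that cannot change a verdict (same action, or the two rules cannot match the same flow). The rule names, addresses and traffic counts are assumed sample data.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed rulebase, first match wins; "pinned" marks the Firewall Lockdown rule.
RULES = [
    {"name": "Firewall Lockdown", "src": "0.0.0.0/0", "dst": "203.0.113.1/32", "svc": {"any"}, "action": "drop", "pinned": True},
    {"name": "Admin SSH to DMZ", "src": "10.0.0.0/8", "dst": "192.0.2.0/24", "svc": {"ssh"}, "action": "accept"},
    {"name": "Web farm", "src": "0.0.0.0/0", "dst": "192.0.2.0/24", "svc": {"http", "https"}, "action": "accept"},
    {"name": "Internal out", "src": "10.0.0.0/8", "dst": "0.0.0.0/0", "svc": {"any"}, "action": "accept"},
    {"name": "Cleanup", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "svc": {"any"}, "action": "drop"},
]

# Constructed traffic sample as (src, dst, service) tuples; the web farm dominates.
FLOWS = ([("198.51.100.7", "192.0.2.10", "http")] * 50 + [("10.1.1.5", "192.0.2.10", "ssh")] * 3
         + [("10.1.1.5", "8.8.8.8", "dns")] * 10 + [("198.51.100.9", "203.0.113.1", "ssh")] * 2
         + [("198.51.100.9", "10.1.1.5", "smb")] * 5)

def matches(rule, flow):
    src, dst, svc = flow
    return (ip_address(src) in ip_network(rule["src"]) and ip_address(dst) in ip_network(rule["dst"])
            and ("any" in rule["svc"] or svc in rule["svc"]))

def first_match(rules, flow):
    """Return (rules parsed, matching rule) for the first rule that matches the flow."""
    for pos, rule in enumerate(rules, 1):
        if matches(rule, flow):
            return pos, rule
    raise ValueError("no cleanup rule matched")

def can_overlap(a, b):
    """True if some flow could match both rules (both nets overlap and services intersect)."""
    svc_overlap = "any" in a["svc"] or "any" in b["svc"] or bool(a["svc"] & b["svc"])
    return (ip_network(a["src"]).overlaps(ip_network(b["src"]))
            and ip_network(a["dst"]).overlaps(ip_network(b["dst"])) and svc_overlap)

def reorder(rules, flows):
    """Bubble busier rules upward, but only past a neighbour when verdicts cannot change."""
    hits = Counter(first_match(rules, f)[1]["name"] for f in flows)
    new = list(rules)
    for i in range(1, len(new)):
        j = i
        while (j > 0 and not new[j - 1].get("pinned")            # never pass the lockdown rule
               and hits[new[j]["name"]] > hits[new[j - 1]["name"]]
               and (new[j]["action"] == new[j - 1]["action"] or not can_overlap(new[j], new[j - 1]))):
            new[j], new[j - 1] = new[j - 1], new[j]
            j -= 1
    return new

def avg_rules_parsed(rules, flows):
    return sum(first_match(rules, f)[0] for f in flows) / len(flows)

def same_verdicts(old, new, flows):
    """Security check: every sampled flow must get the same action under both orders."""
    return all(first_match(old, f)[1]["action"] == first_match(new, f)[1]["action"] for f in flows)
```

The Cleanup rule is busier than the admin rule in this sample but stays last, because it overlaps the accept rule above it with a different action; the equivalence check is against the sampled traffic only, so keep it alongside the pairwise overlap test rather than in place of it.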