Troubleshooting guide

Chapter 7 Troubleshooting Security Servers and Content Security
How to Improve HTTP Security Server performance in a High Performance Environment
Advanced Technical Reference Guide 4.1, June 2000
Diagram of the environment
Note: The WebSense Server was moved to a separate interface on the FireWall (100 Mbps Ethernet).
Tuning
System parameters
The following system parameters were set:
set noexec_user_stack = 1
set noexec_user_stack_log = 1
set rlim_fd_cur=4096
set rlim_fd_max=4096
set tcp:tcp_conn_hash_size = 16384
set fw:fwhmem = 0x1000000
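The following script is an added example, not part of the original guide: it reports which of the system parameters above are missing or set differently in a configuration file. It assumes the `set` lines live in Solaris `/etc/system` (the guide does not name the file); the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: report drift from the "set" values listed above.
# Assumption: those lines live in Solaris /etc/system (the guide does not name the file).

WANT='noexec_user_stack=1 noexec_user_stack_log=1 rlim_fd_cur=4096 rlim_fd_max=4096
tcp:tcp_conn_hash_size=16384 fw:fwhmem=0x1000000'

# Emit name=value for each active "set" line on stdin.
# /etc/system comments start with "*"; spacing around "=" is optional.
normalize_system() {
    awk '/^[ \t]*\*/ { next }
         $1 == "set" { sub(/^[ \t]*set[ \t]+/, ""); gsub(/[ \t]/, ""); print }'
}

# Read an /etc/system-style file on stdin; print one line per problem.
# Returns 0 when every expected value is present, 1 otherwise.
# Values are compared as strings, so 0x1000000 and 16777216 count as different.
audit_system() {
    actual=$(normalize_system)
    rc=0
    for want in $WANT; do
        name=${want%%=*}
        value=${want#*=}
        # If a name is set twice, compare the last occurrence (assumed to be the one in effect).
        got=$(printf '%s\n' "$actual" | awk -F= -v n="$name" '$1 == n { v = $2 } END { print v }')
        if [ -z "$got" ]; then
            echo "MISSING  $name (want $value)"; rc=1
        elif [ "$got" != "$value" ]; then
            echo "MISMATCH $name: have $got, want $value"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input: one value commented out, one left at a lower setting.
sample_system() {
    cat <<'EOF'
* constructed sample, not a real host's file
set noexec_user_stack=1
set noexec_user_stack_log = 1
set rlim_fd_cur = 1024
* set rlim_fd_max=4096
set tcp:tcp_conn_hash_size = 16384
set fw:fwhmem = 0x1000000
EOF
}

sample_system | audit_system || true
```

On a host, the same check runs as `audit_system < /etc/system`.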
TCP/IP stack parameters
The following TCP/IP stack parameters were set:
ndd -set /dev/hme adv_100fdx_cap 1
ndd -set /dev/tcp tcp_xmit_hiwat 65535
ndd -set /dev/tcp tcp_recv_hiwat 65535
ndd -set /dev/tcp tcp_cwnd_max 65535
ndd -set /dev/tcp tcp_slow_start_initial 2
ndd -set /dev/tcp tcp_conn_req_max_q 1024
ndd -set /dev/tcp tcp_conn_req_max_q0 4096
ndd -set /dev/tcp tcp_close_wait_interval 60000
VPN-1/FireWall-1 parameters
1. Increase the connections table limit to 50,000 and hashsize to 65536.
In $FWDIR/lib/table.def add to the end of line,
connections = limit 50000 hashsize 65536