FW-1 performance problem?

[Hans Akerman <akerman () spektr ludvika se>]

Hi!

We have recently installed a machine running Checkpoint FW-1 to seperate
our internal networks. When we install a policy with a few rules (18)
there seems to be a problem with the NT/Win95 traffic. The rule that
allows the networks to communicate is an "any-any" rule.. When we install
a policy with one rule (any-any) the traffic seems to be OK. The problem
is when they map there disks and tries to write and read from the
resource. They are accepted in the log but the user experience strange
error messages like "disk full" and when it works it's slow.

First we used an HP D330 machine running HP-UX. When we had performance
problem with that we changed to a Sun Ultra 1. Same problem there but not
as much. The traffic through the FW is moderate. We have about 140
network objects defined.


Hans Akerman