Some systems are shipped with 512 MB of RAM. These flash-based systems may report high CPU and RAM usage after a default installation. You can tune these small systems to decrease the RAM and CPU usage and lower system load during and immediately after startup.
Reduce Default Settings in General Firewall Configuration
You can reduce the amount of resources reserved for the Firewall service. Monitor your firewall log and adjust your settings accordingly if you run the risk of exceeding your limits.
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > General Firewall Configuration.
- Click Lock.
- In the left menu, expand Configuration Mode and click Switch to Advanced View.
- Change the following settings:
Max. Session Slots – Enter
2048
. Default value F100 and F101:8192
, F10 and F15:2048
- Max. Acceptors – Enter
512
. Default value:1024
. - Max. Plugins – Enter
512
. Default:1024
- Dyn. Service Names (RPC) – Enter
512
. Default:1024
- Max Socks Worker – Enter
5
. Default:20
- In the left menu, click Application Detection and change the following setting:
- Enable Protocol Detection – Select no. Default: yes
- Click Send Changes and Activate.
- Restart the boxfw service to enable the new setting. For more information, see Assigned Services.
Disable phionRelCheck after System Startup
Disable the release check to significantly reduce the system load after startup.
- Go to CONFIGURATION > Configuration Tree > Box > Advanced Configuration > Firmware Update.
- Click Lock.
- In the Release Check section, select no from the Boottime Release Check list.
- Click Send Changes and Activate .
Use URL Filter in the Firewall Service and Disable HTTP Proxy
Use Application Control to enforce your URL filter policies instead of the HTTP Proxy service. This will significantly reduce the load on your small CloudGen Firewall appliance.
For more information, see Application Control.
Reduce Maximum Number of VPN Tunnels
Reducing the maximum number of VPN tunnels reduces the amount of RAM the VPN service uses.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > VPN-Service > VPN Settings.
- Click Lock.
- Set Maximum Number of Tunnels to
128
. Default: auto. - Click OK.
- Click Send Changes and Activate.
Disable IPS
Disable the Intrusion Protection System to lower the system load.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > IPS Policies.
- Click Lock.
- Uncheck Enable IPS.
- Click Send Changes and Activate.