We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Best Practice - Small NextGen F-Series Firewall Systems

  • Last updated on

Some systems are shipped with 512 MB of RAM. These flash-based systems may report high CPU and RAM usage after a default installation. You can tune these small systems to decrease the RAM and CPU usage and lower system load during and immediately after startup.

Reduce Default Settings in General Firewall Configuration

You can reduce the amount of resources reserved for the Firewall service. Monitor your firewall log and adjust your settings accordingly if you run the risk of exceeding your limits.

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > General Firewall Configuration.
  2. Click Lock.
  3. In the left menu, expand Configuration Mode and click Switch to Advanced View.
  4. Change the following settings:
    • Max. Session Slots – Enter 2048 . Default value F100 and F101: 8192, F10 and F15: 2048

    • Max. Acceptors – Enter 512. Default value: 1024
    • Max. Plugins – Enter 512 . Default: 1024
    • Dyn. Service Names (RPC) – Enter 512. Default: 1024
    • Max Socks Worker – Enter 5. Default: 20
  5. In the left menu, click Application Detection and change the following setting: 
    • Enable Protocol Detection – Select no. Default: yes
  6. Click Send Changes and Activate .
  7. Restart the boxfw service to enable the new setting. For more information, see Virtual Servers and Services.

Disable phionRelCheck after System Startup

Disable the release check to significantly reduce the system load after startup.

  1. Go to CONFIGURATION > Configuration Tree > Box > Advanced Configuration > Firmware Update.
  2. Click Lock.
  3. In the Release Check section, select no from the Boottime Release Check list. 
  4. Click Send Changes and Activate .

Use URL Filter in the Firewall Service and Disable HTTP Proxy

Use Application Control to enforce your URL filter policies instead of the HTTP Proxy service. This will significantly reduce the load on your small F-Series Firewall.

For more information, see Application Control.

Reduce Maximum Number of VPN Tunnels

Reducing the maximum number of VPN tunnels reduces the amount of RAM the VPN service uses.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > VPN-Service > VPN Settings
  2. Click Lock.
  3. Click Click here for Server Settings.
  4. Set Maximum Number of Tunnels to 128. Default: auto.
  5. Click OK.
  6. Click Send Changes and Activate.

Disable IPS

Disable the Intrusion Protection System to lower the system load.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > IPS Policies.
  2. Click Lock
  3. Uncheck Enable IPS.
  4. Click Send Changes and Activate.
Last updated on