Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Best Practice - High Performance Environments


These settings should only be made by experts.

In certain high-load environments, where over 50,000 concurrent sessions persist and more than 5000 new sessions are generated per second in combination with a multi-gigabit forwarding traffic flow, you might need to tune your system for optimal performance. This article lists configurations that you can change to improve your system performance.


Interrupt Throttle Rate

If your hardware uses Intel Gigabit NICs, the interrupt rate should be throttled to 10,000 interrupts for each NIC. Otherwise, the overall performance of your system can suffer because of how frequently the kernel tries to fetch packets from the NIC. For the InterruptThrottleRate module setting, add a 10000 value for each Intel Gigabit NIC in your system. For example:

  • One NIC: InterruptThrottleRate=10000
  • Two NICs: InterruptThrottleRate=10000,10000

To add the InterruptThrottleRate setting to your NIC settings:

  1. Go to CONFIGURATION > Configuration Tree > Box > Network.
  2. In the left menu, select Interfaces.
  3. Expand the Configuration Mode menu and click Switch to Advanced.
  4. Click Lock.
  5. In the Network Interface Cards table, edit your interface settings. Add the InterruptThrottleRate module setting to the Driver Options table.
  6. Click OK.
  7. Click Send Changes and Activate.

Processing Priority for "ksoftirqd"

Under heavy load, some packets cannot be handled via the hardware interrupt and are processed by the ksoftirqd daemon instead. With the default priorities, other processes are given a higher priority than ksoftirqd. To avoid this, run the following commands:

    renice -19 -p $(ps ax | grep ksoftirqd | grep -v grep | awk '{print $1}')
    ethtool -G port1 rx 1024
    ethtool -G port2 rx 1024
    ethtool -G port3 rx 1024
    ethtool -G port4 rx 1024
    acpfctrl tune timermode 1

The priority is set to -19.

To make this configuration permanent, add the commands to the User Scripts settings.

NIC Receive Buffers

Increasing the number of receive buffers improves the system performance when packet bursts occur. The default value for the Intel Gigabit NIC is 256. To increase the default value:  

  1. Show the settings for the NIC. 
    ethtool -g eth3
  2. Increase the number of receive buffers. 
    ethtool -G eth3 rx 1024

To make this configuration permanent, add the commands to the User Scripts settings.
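
The two steps above can be combined into a check that reads the `ethtool -g` output before raising the ring size, so that a user script does not request more than the NIC's pre-set maximum or re-apply a value that is already in place. This is an added example, not part of Barracuda's documentation; the function names `plan_rx_ring` and `tune_rx_ring` are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: decide the RX ring size from `ethtool -g` output before
# calling `ethtool -G`. Function names are hypothetical.

# Constructed sample of `ethtool -g eth3` output (not captured from a real box).
SAMPLE_RING='Ring parameters for eth3:
Pre-set maximums:
RX:             4096
RX Mini:        0
RX Jumbo:       0
TX:             4096
Current hardware settings:
RX:             256
RX Mini:        0
RX Jumbo:       0
TX:             256'

# plan_rx_ring WANT: read `ethtool -g` output on stdin and print
#   "set N"    raise the RX ring to N (WANT clamped to the pre-set maximum)
#   "keep N"   current RX ring N already meets the target
#   "unknown"  ring parameters missing or non-numeric (e.g. "n/a")
plan_rx_ring() {
    awk -v want="$1" '
        /^Pre-set maximums:/          { sect = "max" }
        /^Current hardware settings:/ { sect = "cur" }
        $1 == "RX:" && sect == "max"  { max = $2 }
        $1 == "RX:" && sect == "cur"  { cur = $2 }
        END {
            if (max !~ /^[0-9]+$/ || cur !~ /^[0-9]+$/) { print "unknown"; exit }
            target = (want + 0 > max + 0) ? max + 0 : want + 0
            if (cur + 0 >= target) print "keep " cur
            else print "set " target
        }'
}

# tune_rx_ring IFACE WANT: apply the plan to a live interface.
tune_rx_ring() {
    plan=$(ethtool -g "$1" 2>/dev/null | plan_rx_ring "$2")
    case "$plan" in
        set\ *)  ethtool -G "$1" rx "${plan#set }" ;;
        keep\ *) echo "$1: rx ring already ${plan#keep }" ;;
        *)       echo "$1: could not read ring parameters" >&2; return 1 ;;
    esac
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_RING" | plan_rx_ring 1024
```

On a live system, `tune_rx_ring eth3 1024` would replace the bare `ethtool -G eth3 rx 1024` call.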

NOATIME Mount

In a default Barracuda NextGen Firewall F-Series installation, file access times are tracked whenever a file is accessed. This issues a write command even if a file is opened only for reading, which creates additional I/O load. To avoid this, mount the partitions with the noatime option:

    mount / -o remount,noatime
    mount /boot -o remount,noatime
    mount /phion0 -o remount,noatime
    mount /proc -o remount,noatime

To make this configuration permanent, add the commands to the User Scripts settings.

Increasing the Routing Cache

If your Barracuda NextGen Firewall F-Series handles traffic from large networks with a large number of IP addresses on both sides of the Forwarding Firewall, increase the maximum number of entries that are allowed in the routing cache. 

  1. Go to CONFIGURATION > Configuration Tree > Box > Advanced Configuration > System Settings.
  2. From the Configuration menu in the left navigation pane, select Routing Cache.
  3. Click Lock.
  4. In the Max Routing Cache Entries field, enter the maximum number of entries for the cache. For example, 200000.
  5. Click Send Changes and Activate.

Disable CPU Power Savings

To enable the highest performance on modern server systems, turn off the CPU power savings. Modify the BIOS settings for the server accordingly.

How to Test Read Performance for a Hard Disk

To test read performance for a hard disk on a running Barracuda NextGen Firewall F-Series, use the following command:

    hdparm -tT /dev/<DEVICE>
