topic Re: Policy complexity considerations in General Topics https://live.paloaltonetworks.com/t5/general-topics/policy-complexity-considerations/m-p/17733#M12920 <HTML><HEAD></HEAD><BODY><P>Euh - you have 15 security policies on a 2050 and you are worrying about performance impact ?</P><P></P><P>Funny <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P></P><P>I wouldn't worry too much about performance , even with 1000+ policies.</P><P></P><P>Maybe managability and visibilty becomes an issue then , allthough by using (multiple) tags , you can even keep a +1000 policy understandable....</P></BODY></HTML> Fri, 25 Nov 2011 17:34:04 GMT Bart_Jocque 2011-11-25T17:34:04Z Policy complexity considerations https://live.paloaltonetworks.com/t5/general-topics/policy-complexity-considerations/m-p/17732#M12919 <HTML><HEAD></HEAD><BODY><P>When creating policies, especially Security and QoS, how much consideration do I have to give to the number of policies?</P><P></P><P>If we want to get very granular with these policies, will we pay any significant penalty in performance (either in device administration or performance)?</P><P></P><P>(Specifically we have PA2050 that will route through 220Mbps max to internet--I have about 15 Security and about 10 QoS rules, would like to add more)</P><P>Is it better to group objects and minimize policy complexity, or (from a performance perspective) do I even need to worry about it?</P><P></P><P>Thank you</P><P>Simon.</P></BODY></HTML> Fri, 25 Nov 2011 17:15:13 GMT https://live.paloaltonetworks.com/t5/general-topics/policy-complexity-considerations/m-p/17732#M12919 sspivey 2011-11-25T17:15:13Z Re: Policy complexity considerations https://live.paloaltonetworks.com/t5/general-topics/policy-complexity-considerations/m-p/17733#M12920 <HTML><HEAD></HEAD><BODY><P>Euh - you have 15 security policies on a 2050 and you are worrying about performance impact ?</P><P></P><P>Funny <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P></P><P>I wouldn't worry too much about performance , even with 1000+ policies.</P><P></P><P>Maybe managability and visibilty becomes an issue then , allthough by using (multiple) tags , you can even keep a +1000 policy understandable....</P></BODY></HTML> Fri, 25 Nov 2011 17:34:04 GMT https://live.paloaltonetworks.com/t5/general-topics/policy-complexity-considerations/m-p/17733#M12920 Bart_Jocque 2011-11-25T17:34:04Z