topic Has anyone been able to correlate performance issues due to the number of security rules present? in General Topics https://live.paloaltonetworks.com/t5/general-topics/has-anyone-been-able-to-correlate-performance-issues-due-to-the/m-p/2750#M2049 <HTML><HEAD></HEAD><BODY><P>I was thinking about writing very specific security rules for around 15 hosts.&nbsp; The rules would essentially whitelist traffic by destination ips and application.&nbsp; I am somewhat concerned that adding this many additional rules could potentially slow traffic down an appreciable amount for traffic that would match on rules below these.</P><P></P><P>Has anyone run into issues with performance due to too many security rules?&nbsp; I was able to find this post but not much else on the topic - <A href="https://live.paloaltonetworks.com/message/41802">Slow Performanced Based on Order of ACL Rules</A></P></BODY></HTML> Wed, 10 Dec 2014 22:33:59 GMT bgirdner 2014-12-10T22:33:59Z Has anyone been able to correlate performance issues due to the number of security rules present? https://live.paloaltonetworks.com/t5/general-topics/has-anyone-been-able-to-correlate-performance-issues-due-to-the/m-p/2750#M2049 <HTML><HEAD></HEAD><BODY><P>I was thinking about writing very specific security rules for around 15 hosts.&nbsp; The rules would essentially whitelist traffic by destination ips and application.&nbsp; I am somewhat concerned that adding this many additional rules could potentially slow traffic down an appreciable amount for traffic that would match on rules below these.</P><P></P><P>Has anyone run into issues with performance due to too many security rules?&nbsp; I was able to find this post but not much else on the topic - <A href="https://live.paloaltonetworks.com/message/41802">Slow Performanced Based on Order of ACL Rules</A></P></BODY></HTML> Wed, 10 Dec 2014 22:33:59 GMT https://live.paloaltonetworks.com/t5/general-topics/has-anyone-been-able-to-correlate-performance-issues-due-to-the/m-p/2750#M2049 bgirdner 2014-12-10T22:33:59Z Re: Has anyone been able to correlate performance issues due to the number of security rules present? https://live.paloaltonetworks.com/t5/general-topics/has-anyone-been-able-to-correlate-performance-issues-due-to-the/m-p/2751#M2050 <HTML><HEAD></HEAD><BODY><P>15 should not be an issue depending on the total rules you have, what inspection policies you have running, and which device you are using.&nbsp; </P><P></P><P>Just make sure you use your best practices like making sure your m<SPAN style="font-size: 10pt; line-height: 1.5em;">ost used rules are higher in the policy without shadowing other rules.</SPAN></P><P></P><P>The only time we have encountered a resource issue of any kind is when we had an improperly formatted Data Filter but even then we didn't notice a performance hit, just high CPU.</P></BODY></HTML> Thu, 11 Dec 2014 14:10:46 GMT https://live.paloaltonetworks.com/t5/general-topics/has-anyone-been-able-to-correlate-performance-issues-due-to-the/m-p/2751#M2050 Dz3015 2014-12-11T14:10:46Z