Improving readability and performance example

You can make Firewall rules more readable and improve the performance of Firewall Policies.

Company B has two separate DMZs, one for the extranet and one for other web services. The number of services offered is large. The company also has many partners and customers that have varying access rights to the different services. The administrators realize that many of the rules in their policies are related to the DMZ connections. The rest of the rules govern access to and from the company’s internal networks. Many of the rules have been entered over time by inserting them at the beginning of the rule table, so rules governing access to the different networks are mixed. Finding all rules that govern access to a particular network takes time.

The administrators decide that they want to make their Firewall Policy more readable and at the same time optimize the way the firewall handles traffic, so they:
  1. Create two new Firewall Sub-Policies: one for each DMZ.
  2. Cut and paste the rules from the current Firewall Policy into the correct Firewall Sub-Policy.
  3. Add Jump rules to the Firewall Policy to direct the examination of traffic to/from the different networks to the correct Firewall Sub-Policy.
  4. Refresh the Firewall Policy.
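
The following is an added illustration, not product code or configuration from the original page: a simplified first-match model of Company B's policy before and after the change, which counts how many rules are compared per connection and checks that the decision stays the same. It assumes that a connection matching nothing in a Sub-Policy resumes the main policy after the Jump rule, keys the Jump rules on destination only, and uses constructed addresses and rules.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    src: str
    dst: str
    port: object            # int, or None for any port
    action: str             # "allow", "discard" or "jump"
    sub: list = field(default_factory=list)   # sub-policy rules (jump only)

def hit(rule, conn):
    src, dst, port = conn
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.port in (None, port))

def walk(rules, conn):
    """First-match walk; returns (action or None, rules compared)."""
    compared = 0
    for rule in rules:
        compared += 1
        if not hit(rule, conn):
            continue
        if rule.action != "jump":
            return rule.action, compared
        action, n = walk(rule.sub, conn)
        compared += n
        if action is not None:
            return action, compared
        # assumption: no match in the sub-policy resumes the main policy
    return None, compared

def decide(policy, conn):
    action, compared = walk(policy, conn)
    return action or "discard", compared

# Constructed sample data (documentation address ranges).
EXTRANET, WEB, INSIDE, ANY = "192.0.2.0/25", "192.0.2.128/25", "10.0.0.0/8", "0.0.0.0/0"
extranet_rules = [Rule(f"198.51.100.{i}/32", EXTRANET, 8000 + i, "allow") for i in range(40)]
web_rules = [Rule(f"203.0.113.{i}/32", WEB, 443, "allow") for i in range(40)]
inside_rules = [Rule(INSIDE, INSIDE, 22, "allow"), Rule(INSIDE, ANY, 53, "allow")]

# Before: DMZ rules mixed together, oldest (internal) rules at the bottom.
FLAT = [r for pair in zip(extranet_rules, web_rules) for r in pair] + inside_rules
# After: one Jump rule per DMZ, keyed on destination, then the remaining rules.
SPLIT = [Rule(ANY, EXTRANET, None, "jump", extranet_rules),
         Rule(ANY, WEB, None, "jump", web_rules)] + inside_rules

def compare(conn):
    """Return (flat decision, split decision, flat compares, split compares)."""
    (a1, n1), (a2, n2) = decide(FLAT, conn), decide(SPLIT, conn)
    return a1, a2, n1, n2
```

Running `compare` over a set of representative connections before step 4 shows whether moving the rules changed any decision, which can happen when overlapping rules from different groups depended on their original order.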