Improving readability and performance example

You can make Engine rules more readable and improve the performance of Engine Policies.

Company B has two separate DMZs, one for the extranet and one for other web services. The number of services offered is large. The company also has many partners and customers that have varying access rights to the different services. The administrators realize that many of the rules in their policies are related to the DMZ connections. The rest of the rules govern access to and from the company’s internal networks. Many of the rules have been entered over time by inserting them at the beginning of the rule table, so rules governing access to the different networks are mixed. Finding all rules that govern access to a particular network takes time.

The administrators decide that they want to make their Engine Policy more readable and at the same time optimize the way the engine handles traffic, so they:
  1. Create two new Engine Sub-Policies: one for each DMZ.
  2. Cut and paste the rules from the current Engine Policy into the correct Engine Sub-Policy.
  3. Add Jump rules to the Engine Policy, to direct the examination of traffic to/from the different networks to the correct Engine Sub-Policy.
  4. Refresh the Engine Policy.
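
The effect of this restructuring on rule lookup can be shown with a small model. This is an added example, not product code: it assumes first-match evaluation, Jump rules that match on destination network, and that traffic with no match in a Sub-Policy continues in the main policy. The addresses, ports, and rule counts are constructed, and the names rule, jump, and evaluate are hypothetical.

```python
from ipaddress import ip_address, ip_network

def rule(dst, port, action="allow"):
    # port=None matches any port
    return {"dst": ip_network(dst), "port": port, "action": action}

def jump(dst, sub_policy):
    # Jump rule: matching traffic is examined against sub_policy
    return {"dst": ip_network(dst), "port": None, "jump": sub_policy}

def evaluate(policy, dst, port):
    """First-match lookup; returns (action or None, rules compared)."""
    addr, compared = ip_address(str(dst)), 0
    for r in policy:
        compared += 1
        if addr not in r["dst"] or r["port"] not in (None, port):
            continue
        if "jump" not in r:
            return r["action"], compared
        action, n = evaluate(r["jump"], addr, port)
        compared += n
        if action is not None:
            return action, compared
        # No match in the sub-policy: continue in the main policy.
    return None, compared

# Constructed sample rule sets (documentation address ranges).
extranet = [rule(f"192.0.2.{i}/32", 443) for i in range(1, 41)]
services = [rule(f"198.51.100.{i}/32", 8080) for i in range(1, 41)]
internal = [rule(f"10.0.{i}.0/24", 22) for i in range(1, 41)]
DISCARD_ALL = rule("0.0.0.0/0", None, "discard")

# Before: rules for all three networks interleaved in one table.
flat = [r for trio in zip(extranet, services, internal) for r in trio]
flat.append(DISCARD_ALL)
# After: one Jump rule per DMZ; internal rules stay in the main policy.
structured = [jump("192.0.2.0/24", extranet),
              jump("198.51.100.0/24", services)] + internal + [DISCARD_ALL]

if __name__ == "__main__":
    samples = [("10.0.40.5", 22), ("192.0.2.40", 443), ("192.0.2.200", 443)]
    for dst, port in samples:
        print(dst, port, "flat:", evaluate(flat, dst, port),
              "sub-policies:", evaluate(structured, dst, port))
```

In this model both layouts reach the same verdict for every sample connection, but internal traffic skips each DMZ Sub-Policy at the cost of one comparison per Jump rule.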