Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide

Tweaks for Specific Operating Systems

The following subsections discuss how to tweak IPSO's TCP/IP stack, Solaris, and Windows NT, as well as provide some changes to help the Security Servers function better.

IPSO-Specific Changes

Each of the following changes should be added to /var/etc/rc.local so they will be active across reboots. Most of these changes increase the performance of the Security Servers (which benefit from increased packet sizes) and also help general TCP/IP traffic.

ipsctl –w net:ip:tcp:sendspace 65535 # TCP/IP specific changes
ipsctl –w net:ip:tcp:recvspace 65535
ipsctl –w net:ip:tcp:default_mss 1460 # Should be MTU minus 40 bytes

Solaris-Specific Changes

All ndd commands listed in this section should be added to an rc

Get Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide by Dameon D. Welch-Abernathy

Tweaks for Specific Operating Systems

IPSO-Specific Changes

Solaris-Specific Changes

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly