Tweaks for Specific Operating Systems

The following subsections discuss how to tweak IPSO's TCP/IP stack, Solaris, and Windows NT, as well as provide some changes to help the Security Servers function better.

IPSO-Specific Changes

Each of the following changes should be added to /var/etc/rc.local so they will be active across reboots. Most of these changes increase the performance of the Security Servers (which benefit from increased packet sizes) and also help general TCP/IP traffic.

ipsctl –w net:ip:tcp:sendspace 65535 # TCP/IP specific changes
ipsctl –w net:ip:tcp:recvspace 65535
ipsctl –w net:ip:tcp:default_mss 1460 # Should be MTU minus 40 bytes

Solaris-Specific Changes

All ndd commands listed in this section should be added to an rc

Get Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.