Changing Policies at Off-Peak Hours and Enabling Policy Backup-based Acceleration as Required
You are advised to change security policies during off-peak hours to minimize the impact on firewall performance and established sessions. This is especially important for high-load firewalls.
To speed up security policy matching, the firewall creates an index for each security policy and uses index matching to accelerate policy queries. This function is known as policy acceleration. When a security policy changes, the new security policy takes effect immediately. However, the firewall creates the index for the new security policy only after an acceleration delay (60 seconds by default), which ensures that the index is created after the change is complete. Until the index update is complete, the firewall performs regular policy matching, which is less efficient. To resolve this problem, you can configure the policy backup-based acceleration function. When a security policy changes, the firewall backs up the index of the original policy and uses the backup index to match security policies. After the index is re-created, the firewall uses the new index for policy matching and the new security policy takes effect.
Determine whether to enable the policy backup-based acceleration function by referring to Table 4-3.
Function Status | Without Policy Change | Policy Changed | Application Scenario and Impact |
---|---|---|---|
Enabled (`policy accelerate standby enable`) | Accelerate policy query by using original indexes to match security policies. | Accelerate policy query by using backup indexes to match security policies. The security policy change takes effect only after the new index is generated. | The firewall service traffic is heavy, and there are more than 100 security policies. Security policy change takes effect after a delay of about 2 minutes. Verify that the security policy takes effect after the delay. |
Disabled (`undo policy accelerate standby enable`) | Accelerate policy query by using original indexes to match security policies. | Perform the regular policy matching and accelerate policy query after the new index is generated. The security policy change takes effect immediately. | There are fewer than 100 security policies. The device performance deteriorates during the policy change. |
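
The enforcement gap that the table describes can be seen in a small model. This is an added example, not the firewall's own implementation: `Rule`, `Firewall`, `DEFAULT` and `index_ready_s` are hypothetical names, the per-port index is a toy, and the 120-second value is constructed from the "about 2 minutes" figure in the table.

```python
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class Rule:
    name: str
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "permit" or "deny"

DEFAULT = Rule("default", None, "deny")  # assumed implicit default rule

def linear_match(rules, port):
    """Regular (unaccelerated) matching: the first matching rule wins."""
    for rule in rules:
        if rule.dst_port in (None, port):
            return rule
    return DEFAULT

def build_index(rules, ports=range(1, 1025)):
    """Toy index: precompute the first-match rule for each port."""
    return {p: linear_match(rules, p) for p in ports}

class Firewall:
    def __init__(self, rules, standby, index_ready_s=120):
        self.rules, self.standby = list(rules), standby
        self.index_ready_s = index_ready_s  # constructed: "about 2 minutes"
        self.index = build_index(self.rules)
        self.ready_at = None  # time at which the rebuilt index is usable

    def change_policy(self, rules, now):
        self.rules, self.ready_at = list(rules), now + self.index_ready_s

    def match(self, port, now):
        """Return (action, lookup mode) for a packet seen at time `now`."""
        if self.ready_at is not None and now >= self.ready_at:
            self.index, self.ready_at = build_index(self.rules), None
        if self.ready_at is None:
            return self.index[port].action, "index"
        if self.standby:  # old index still answers: change not yet enforced
            return self.index[port].action, "backup-index"
        return linear_match(self.rules, port).action, "linear"

# Constructed sample policies: the change inserts a Telnet block at the top.
OLD = [Rule("permit-any", None, "permit")]
NEW = [Rule("block-telnet", 23, "deny")] + OLD

def demo(standby):
    fw = Firewall(OLD, standby)
    fw.change_policy(NEW, now=0)
    return [fw.match(23, now=t) for t in (30, 120)]
```

With the function enabled, `demo(True)` shows Telnet still permitted from the backup index 30 seconds after the change and denied only once the new index is in use, which is why the table asks you to verify the policy after the delay.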