Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Performance impact / Best Practice: Log firewall rules

Hi there,

as the title says, i'm searching for information, how much the performance of a XGS (2100) firewall it will cost, if i activate the logging of most of our firewall rules?

I have in mind for many years, that logging of firewall rules should be only activated in cases, where you have to troubleshoot errors - because of a possible performance decrease.

But as our business grows, we want to be able to check logs some days back for troubleshooting or - in case of a possible attack from the outside - to check, which internal systems may have been accessed/attacked. 

We run a XGS 2100-Cluster with about 50 local users and ~5 branch offices. The branch offices only access local servers and services; we don't route all traffic from there through our XGS. CPU is mainly at ~10-15% load.

I searched a little bit in the Sophos Community/Google, but i don't find any advice or facts (like: "i activated logging on 20 rules and have 10% more CPU used"); the little information i found, also in some Knowledge base-Articles from Sophos is, that logging firewall rules has "not many impact on the performance of the XG". 

Actual, we don't use a external syslog server - it is planned for the future; but for now, i wan't to log with the XG itself.

Thanks in advance!

Bastian



Edited TAGs
[edited by: Erick Jan at 9:08 AM (GMT -7) on 21 Aug 2024]
Parents Reply Children
No Data