Hi there,
as the title says, i'm searching for information, how much the performance of a XGS (2100) firewall it will cost, if i activate the logging of most of our firewall rules?
I have in mind for many years, that logging of firewall rules should be only activated in cases, where you have to troubleshoot errors - because of a possible performance decrease.
But as our business grows, we want to be able to check logs some days back for troubleshooting or - in case of a possible attack from the outside - to check, which internal systems may have been accessed/attacked.
We run a XGS 2100-Cluster with about 50 local users and ~5 branch offices. The branch offices only access local servers and services; we don't route all traffic from there through our XGS. CPU is mainly at ~10-15% load.
I searched a little bit in the Sophos Community/Google, but i don't find any advice or facts (like: "i activated logging on 20 rules and have 10% more CPU used"); the little information i found, also in some Knowledge base-Articles from Sophos is, that logging firewall rules has "not many impact on the performance of the XG".
Actual, we don't use a external syslog server - it is planned for the future; but for now, i wan't to log with the XG itself.
Thanks in advance!
Bastian
Quote