Endpoint Protection

 View Only

  • 1.  Realistic Size limitations of SEPM Host Groups?

    Posted May 30, 2013 09:26 AM

    Hello,

      Like other folks in this discussion group I use host groups within SEP firewall rules to block access to known nasty sites.  That list is getting pretty large, and I'm wondering "how big is too big?".  100 rows? 500?  I understand that YMWWV (your mileage will wildly vary) depending on hardware, but does anyone have any stats about large host groups used in SEP firwealls used on average hardware (let's say, Core i5 based laptops with 4GB of RAM on 32 bit Windows 7)? 

      While I'm writing I'd also like to second/third/fourth comments made here and in the ideas section to improve management of host groups in future revisions - it's a great feature, and things like bulk import, comments and date stamps would be a great help.

     

    Happy Hunting



  • 2.  RE: Realistic Size limitations of SEPM Host Groups?

    Posted May 30, 2013 09:29 AM

    Out of curiosity, are you seeing any performances issues currently with this?



  • 3.  RE: Realistic Size limitations of SEPM Host Groups?

    Posted May 30, 2013 09:39 AM

    I am not at the moment, but was looking at a huge block list in relation to a phishing attack and thinking "Whoa, is importing all of that going to kill performance?!"



  • 4.  RE: Realistic Size limitations of SEPM Host Groups?

    Posted May 30, 2013 09:46 AM

    I would assume just like anything else, too much will start to affect performance. I can't find much to show what a limitation or recommended amount would be though.

    For instance I know with the application and device control policy, the recommendation is 200 or less rules otherwise the client performance drops when starting.

    My guess is it could be the same situation with host groups.

    Maybe someone from Symantec can chime in here.