Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Realistic Size limitations of SEPM Host Groups?

Created: 30 May 2013 | 3 comments

Hello,

  Like other folks in this discussion group I use host groups within SEP firewall rules to block access to known nasty sites.  That list is getting pretty large, and I'm wondering "how big is too big?".  100 rows? 500?  I understand that YMWWV (your mileage will wildly vary) depending on hardware, but does anyone have any stats about large host groups used in SEP firwealls used on average hardware (let's say, Core i5 based laptops with 4GB of RAM on 32 bit Windows 7)? 

  While I'm writing I'd also like to second/third/fourth comments made here and in the ideas section to improve management of host groups in future revisions - it's a great feature, and things like bulk import, comments and date stamps would be a great help.

 

Happy Hunting

Operating Systems:

Comments 3 CommentsJump to latest comment

.Brian's picture

Out of curiosity, are you seeing any performances issues currently with this?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Bill_K's picture

I am not at the moment, but was looking at a huge block list in relation to a phishing attack and thinking "Whoa, is importing all of that going to kill performance?!"

.Brian's picture

I would assume just like anything else, too much will start to affect performance. I can't find much to show what a limitation or recommended amount would be though.

For instance I know with the application and device control policy, the recommendation is 200 or less rules otherwise the client performance drops when starting.

My guess is it could be the same situation with host groups.

Maybe someone from Symantec can chime in here.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.