Address Objects which is more efficient Network VS Range
MichaelB
Newbie ✭
Regarding Address Objects, which is more efficient for a Sonicwall to process? A Network object or a Range object?
For example in the following example which would be more efficient for the SW, speed, cpu, and memory wise.
I need to cover all the IP's between 10.5.0.1 and 10.5.35.254 in an object.
As a Range Object I could create it with a range of 10.5.0.1 to 10.5.35.254.
As a Network Object i would have to create it as 10.5.0.0/18. (Which is 10.5.0.1 - 10.5.63.254)
Secondly, if the Range and Network were the same size which would be more efficient for the SW?
Category: Mid Range Firewalls
0
Answers
@MichaelB the answer could be probably answered only by a SNWL engineer who did some performance tests.
But in my logic, Network should be faster than Range, because Network needs only simple AND, OR (or XOR) operations, while Range needs to do some more math (hopefully it's not implemented in string compares ;-)).
I'am not sure if using a Network object includes the Broadcast Address as well. This is important if you got a usable "range" like 192.168.1.0-192.168.1.15. A long time ago the Access Rule with a Network object of 192.168.1.0/255.255.255.240 did not cover 192.168.1.15, I had to use a Range therfore.
For 10.5.0.1 to 10.5.35.254 I wouldn't use a Network object because it's not within subnet limits.
--Michael@BWC
@BWC LoL, we can only hope its not string compares...
I know I have found a few articals like:
That say:
Range:
Range Address Objects define a range of contiguous IP addresses. No Netmask is associated with Range Address Objects, but internal logic generally treats each member of the specified range as a 32-bit masked Host object...
But couldn't find any metrics of speed/CPU/memory on different Address Object types. Or best practices on how to achieve the best efficiency for processing those different objects.