There are several ways that you can improve the performance
of ISA Server. This article lists some of the suggested methods.
Use the Microsoft Firewall Client Instead of
Secure Network Address Translation (SNAT)
If you want to support protocols that require secondary
connections, the Microsoft Firewall Client gives you better performance than
SNAT. The Microsoft Firewall Client Setup program is located in the
Drive:\Program Files\Microsoft ISA Server\Clients folder, where
Drive is the drive where ISA Server is installed.
Set the Processor
Affinity for Each Network Adapter to a Single CPU
On multiprocessor computers, you can set the processor affinity
for each network adapter to a single CPU. This can improve processor efficiency
and dramatically increase the throughput to the firewall. You can use the
Interrupt-Affinity Filter tool (Intfiltr.exe), located in the Windows 2000
Resource Kit, to assign processor affinity for interrupts generated from
network adapters to a specific processor.
For more information
about how to install and use the Interrupt-Affinity Filter
Tool, click the following article number to view the article in the Microsoft Knowledge Base:
252867
How to install and use the
Interrupt-Affinity Filter tool
For more information about the Windows 2000 Resource
Kit, visit the following Microsoft Web site:
Adjust the Parameters of Specific Network Adapter
Cards
You can adjust the parameters of specific network adapter cards to
improve their performance. The following settings are specifically for Intel or
Compaq Fast Ethernet adapters and Intel or Compaq Gigabit adapters.
To change your network adapter settings:
- Click Start, point to
Settings, click Network and Dial-up
Connections, and then right-click Local Area
Connection for the network adapter that you want to
configure.
- Click Properties, click
Configure, and then click the Advanced
tab.
- In the Property dialog box, click the
parameter that you want to change, and then in the Value
dialog box, type the appropriate parameters for your network adapter from the
following list:
Enable IP Routing on the ISA Server
You can enable IP routing on the ISA server to increase
performance. If you do so, the ISA server can pump data for secondary
connections in Kernel mode. This saves processing time and increases
performance.
For more information about how to enable IP routing on your ISA
Server, click the following article number to view the article in the Microsoft Knowledge Base:
279347
Enable IP routing on ISA Server to
increase performance
Disable ISA Server Logging
You can disable ISA Server logging if you do not have to use it.
To do so, follow these steps:
- Click Start, point to
Programs, point to Microsoft ISA Server, and
then click ISA Management.
- In the ISA Management window, expand
Servers and Arrays, expand computer
name, expand Monitoring Configuration,
and then click Logs.
- In the right pane of the ISA Management
window, right-click the log type that you want to disable, and then click
Disable.
Increase the TCP/IP Buffer
Sizes in the Registry
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.You can use Registry Editor to increase the TCP/IP buffer
sizes in the registry. To do so, follow these steps:
- Click Start, and then click
Run.
- In the Open box, type the following
command, and then click OK:
regedit
- Locate, and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name:
ForwardBufferMemory
Value Data:
80000
Value Name:
MaxForwardBufferMemory
Value Data:
80000
Value Name:
NumForwardPackets
Value Data:
60000
Value Name:
MaxNumForwardPackets
Value Data:
60000 - On the Edit menu, point to
New, and then click DWORD Value.
- Type the value name, and then press ENTER.
- Double-click the new entry that you created, type the value data in the Value Data box, click
Decimal under Base, and then click
OK.
- Quit Registry Editor, and then restart the
computer.
Enable the Firewall Client Kernel Mode Data Pump
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.You can use Registry Editor to enable the Firewall Client Kernel Mode Data Pump. To do so, follow these steps:
- Click Start, and then click
Run.
- In the Open box, type the following
command, and then click OK:
regedit
- Locate, and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fwsrv\Parameters
- On the Edit menu, point to
New, and then click DWORD Value.
- In the Value Name box, type the following
value name, and then press ENTER:
KernelModeFirewallClient
- Double-click the new entry that you created, type the
following value in the Value Data box, and then click
OK:
1
- Quit Registry Editor, and then restart the
computer.