Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Performance tuning options for Internet Security and Acceleration Server


View products that this article applies to.

Summary

This article discusses ways that you can improve the performance of Microsoft Internet Security and Acceleration (ISA) Server.

↑ Back to the top


More information

There are several ways that you can improve the performance of ISA Server. This article lists some of the suggested methods.

Use the Microsoft Firewall Client Instead of Secure Network Address Translation (SNAT)

If you want to support protocols that require secondary connections, the Microsoft Firewall Client gives you better performance than SNAT. The Microsoft Firewall Client Setup program is located in the Drive:\Program Files\Microsoft ISA Server\Clients folder, where Drive is the drive where ISA Server is installed.

Set the Processor Affinity for Each Network Adapter to a Single CPU

On multiprocessor computers, you can set the processor affinity for each network adapter to a single CPU. This can improve processor efficiency and dramatically increase the throughput to the firewall. You can use the Interrupt-Affinity Filter tool (Intfiltr.exe), located in the Windows 2000 Resource Kit, to assign processor affinity for interrupts generated from network adapters to a specific processor. For more information about how to install and use the Interrupt-Affinity Filter Tool, click the following article number to view the article in the Microsoft Knowledge Base:
252867 How to install and use the Interrupt-Affinity Filter tool
For more information about the Windows 2000 Resource Kit, visit the following Microsoft Web site:

Adjust the Parameters of Specific Network Adapter Cards

You can adjust the parameters of specific network adapter cards to improve their performance. The following settings are specifically for Intel or Compaq Fast Ethernet adapters and Intel or Compaq Gigabit adapters.

To change your network adapter settings:
  1. Click Start, point to Settings, click Network and Dial-up Connections, and then right-click Local Area Connection for the network adapter that you want to configure.
  2. Click Properties, click Configure, and then click the Advanced tab.
  3. In the Property dialog box, click the parameter that you want to change, and then in the Value dialog box, type the appropriate parameters for your network adapter from the following list:
    • If you have Intel or Compaq Fast Ethernet adapters, use the following values:
      Coalesce Buffers: 32
      Receive Buffers: 500
      Transmit Control Blocks: 64
    • If you have Intel or Compaq Gigabit adapters, use the following values:
      Coalesce Buffers: 512
      Receive Buffers: 768
      Transmit Descriptors: 512

Enable IP Routing on the ISA Server

You can enable IP routing on the ISA server to increase performance. If you do so, the ISA server can pump data for secondary connections in Kernel mode. This saves processing time and increases performance. For more information about how to enable IP routing on your ISA Server, click the following article number to view the article in the Microsoft Knowledge Base:
279347 Enable IP routing on ISA Server to increase performance

Disable ISA Server Logging

You can disable ISA Server logging if you do not have to use it. To do so, follow these steps:
  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. In the ISA Management window, expand Servers and Arrays, expand computer name, expand Monitoring Configuration, and then click Logs.
  3. In the right pane of the ISA Management window, right-click the log type that you want to disable, and then click Disable.

Increase the TCP/IP Buffer Sizes in the Registry

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.You can use Registry Editor to increase the TCP/IP buffer sizes in the registry. To do so, follow these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type the following command, and then click OK:
    regedit
  3. Locate, and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Note For steps 4-6, use the value name and value data entries in the following list to create the following four registry entries. Repeat the steps for each registry entry that you create.

    Value Name: ForwardBufferMemory
    Value Data: 80000

    Value Name: MaxForwardBufferMemory
    Value Data: 80000

    Value Name: NumForwardPackets
    Value Data: 60000

    Value Name: MaxNumForwardPackets
    Value Data: 60000
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. Type the value name, and then press ENTER.
  6. Double-click the new entry that you created, type the value data in the Value Data box, click Decimal under Base, and then click OK.
  7. Quit Registry Editor, and then restart the computer.

Enable the Firewall Client Kernel Mode Data Pump

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.You can use Registry Editor to enable the Firewall Client Kernel Mode Data Pump. To do so, follow these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type the following command, and then click OK:
    regedit
  3. Locate, and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fwsrv\Parameters
  4. On the Edit menu, point to New, and then click DWORD Value.
  5. In the Value Name box, type the following value name, and then press ENTER:
    KernelModeFirewallClient
  6. Double-click the new entry that you created, type the following value in the Value Data box, and then click OK:
    1
  7. Quit Registry Editor, and then restart the computer.

↑ Back to the top


References

For additional information about ISA Server, visit the following Microsoft Web site:For additional information about ISA Server, visit the following non-Microsoft Web site: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information. The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

↑ Back to the top


Keywords: KB293640, kbinfo

↑ Back to the top

Article Info
Article ID : 293640
Revision : 9
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 443