How to exclude LAN-to-LAN?
I've configured Zenarmor to protect two physical LAN interfaces.
One LAN interface is for all user VLANs/subnets, and the other one for all IoT VLANs/subnets. For each I have different Zenarmor policies.
When I copy data from a LAN subnet to an IoT subnet, Zenarmor analyses the traffic for both interfaces, which causes a high CPU load. If Zenarmor uses one CPU, the CPU load is 100% and limits the throughput. When I choose "Do not pin packet engine processors to dedicated CPU cores", the throughput is fine. According to Zenarmor's documentation, this setting is not recommended due to performance issues.
Unfortunately I can't exclude the subnets in the policies, because I have a dynamic IPv6 prefix.
What is recommended to exclude LAN-to-LAN?
Thank you.
Jas Man