Microsoft KB Archive/293640

= Performance tuning options for Internet Security and Acceleration Server =

Article ID: 293640

Article Last Modified on 10/30/2006


APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition




This article was previously published under Q293640



Notice
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SUMMARY
This article discusses ways that you can improve the performance of Microsoft Internet Security and Acceleration (ISA) Server.



MORE INFORMATION
There are several ways that you can improve the performance of ISA Server. This article lists some of the suggested methods.

Use the Microsoft Firewall Client Instead of Secure Network Address Translation (SNAT)
If you want to support protocols that require secondary connections, the Microsoft Firewall Client gives you better performance than SNAT. The Microsoft Firewall Client Setup program is located in the Drive:\Program Files\Microsoft ISA Server\Clients folder, where Drive is the drive where ISA Server is installed.

Set the Processor Affinity for Each Network Adapter to a Single CPU
On multiprocessor computers, you can set the processor affinity for each network adapter to a single CPU. This can improve processor efficiency and dramatically increase the throughput to the firewall. You can use the Interrupt-Affinity Filter tool (Intfiltr.exe), located in the Windows 2000 Resource Kit, to assign processor affinity for interrupts generated from network adapters to a specific processor. For more information about how to install and use the Interrupt-Affinity Filter Tool, click the following article number to view the article in the Microsoft Knowledge Base:

252867 How to install and use the Interrupt-Affinity Filter tool

For more information about the Windows 2000 Resource Kit, visit the following Microsoft Web site:

http://www.microsoft.com/windows2000/techinfo/reskit/default.mspx

Adjust the Parameters of Specific Network Adapter Cards
You can adjust the parameters of specific network adapter cards to improve their performance. The following settings are specifically for Intel or Compaq Fast Ethernet adapters and Intel or Compaq Gigabit adapters.

To change your network adapter settings:
 * 1) Click Start, point to Settings, click Network and Dial-up Connections, and then right-click Local Area Connection for the network adapter that you want to configure.
 * 2) Click Properties, click Configure, and then click the Advanced tab.
 * 3) In the Property dialog box, click the parameter that you want to change, and then in the Value dialog box, type the appropriate parameters for your network adapter from the following list:

If you have Intel or Compaq Fast Ethernet adapters, use the following values:

Coalesce Buffers: 32

Receive Buffers: 500

Transmit Control Blocks: 64

If you have Intel or Compaq Gigabit adapters, use the following values:

Coalesce Buffers: 512

Receive Buffers: 768

Transmit Descriptors: 512

Enable IP Routing on the ISA Server
You can enable IP routing on the ISA server to increase performance. If you do so, the ISA server can pump data for secondary connections in Kernel mode. This saves processing time and increases performance. For more information about how to enable IP routing on your ISA Server, click the following article number to view the article in the Microsoft Knowledge Base:

279347 Enable IP routing on ISA Server to increase performance

Disable ISA Server Logging
You can disable ISA Server logging if you do not have to use it. To do so, follow these steps:
 * 1) Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
 * 2) In the ISA Management window, expand Servers and Arrays, expand  , expand Monitoring Configuration, and then click Logs.
 * 3) In the right pane of the ISA Management window, right-click the log type that you want to disable, and then click Disable.

Increase the TCP/IP Buffer Sizes in the Registry
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

You can use Registry Editor to increase the TCP/IP buffer sizes in the registry. To do so, follow these steps:
 * 1) Click Start, and then click Run.
 * 2) In the Open box, type the following command, and then click OK:

regedit

 * 3) Locate, and then click the following registry subkey:

Note For steps 4-6, use the value name and value data entries in the following list to create the following four registry entries. Repeat the steps for each registry entry that you create.

Value Name: ForwardBufferMemory

Value Data: 80000

Value Name: MaxForwardBufferMemory

Value Data: 80000

Value Name: NumForwardPackets

Value Data: 60000

Value Name: MaxNumForwardPackets

Value Data: 60000

 * 4) On the Edit menu, point to New, and then click DWORD Value.
 * 5) Type the value name, and then press ENTER.
 * 6) Double-click the new entry that you created, type the value data in the Value Data box, click Decimal under Base, and then click OK.
 * 7) Quit Registry Editor, and then restart the computer.

Enable the Firewall Client Kernel Mode Data Pump
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

You can use Registry Editor to enable the Firewall Client Kernel Mode Data Pump. To do so, follow these steps:
 * 1) Click Start, and then click Run.
 * 2) In the Open box, type the following command, and then click OK:

regedit

 * 3) Locate, and then click the following registry subkey:

 * 4) On the Edit menu, point to New, and then click DWORD Value.
 * 5) In the Value Name box, type the following value name, and then press ENTER:

KernelModeFirewallClient

 * 6) Double-click the new entry that you created, type the following value in the Value Data box, and then click OK:

1

 * 7) Quit Registry Editor, and then restart the computer.
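The DWORD entries from the two registry procedures above (TCP/IP buffer sizes and the Firewall Client Kernel Mode Data Pump), rendered as a .reg file that Registry Editor can import so the same change can be reviewed and repeated. This is an added example, not part of the original Microsoft article; the function names are illustrative, and because this page does not give either registry subkey, both are supplied by the operator.

```python
"""Render the article's registry entries as an importable .reg file (added example)."""

# Decimal value data exactly as listed in the two procedures above.
TCPIP_BUFFER_VALUES = {
    "ForwardBufferMemory": 80000,
    "MaxForwardBufferMemory": 80000,
    "NumForwardPackets": 60000,
    "MaxNumForwardPackets": 60000,
}
DATA_PUMP_VALUES = {"KernelModeFirewallClient": 1}

ROOT_KEYS = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
             "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG")


def reg_section(subkey, values):
    """Return one [subkey] section with every value written as a hex DWORD."""
    root = subkey.split("\\", 1)[0]
    # Reject partial paths and unfilled placeholders such as "HKEY_...\<subkey>".
    if root not in ROOT_KEYS or root == subkey or "<" in subkey or subkey.endswith("\\"):
        raise ValueError(f"not a full registry path: {subkey!r}")
    lines = [f"[{subkey}]"]
    for name, data in values.items():
        if '"' in name or "\\" in name:
            raise ValueError(f"value name needs escaping: {name!r}")
        if isinstance(data, bool) or not isinstance(data, int) or not 0 <= data <= 0xFFFFFFFF:
            raise ValueError(f"{name}: {data!r} does not fit in a DWORD")
        # The GUI steps enter decimal data; .reg files store DWORDs as 8 hex digits.
        lines.append(f'"{name}"=dword:{data:08x}')
    return "\n".join(lines) + "\n"


def reg_file(sections):
    """Build complete .reg text from (subkey, values) pairs."""
    body = "\n".join(reg_section(key, vals) for key, vals in sections)
    return "Windows Registry Editor Version 5.00\n\n" + body


if __name__ == "__main__":
    import sys
    # Operator supplies both subkeys (this page does not give them) and an output path.
    tcpip_key, pump_key, out_path = sys.argv[1:4]
    text = reg_file([(tcpip_key, TCPIP_BUFFER_VALUES), (pump_key, DATA_PUMP_VALUES)])
    # Version 5.00 .reg files are UTF-16 with a BOM and CRLF line endings.
    with open(out_path, "w", encoding="utf-16", newline="\r\n") as fh:
        fh.write(text)
```

As with the manual steps, back up the registry before importing the file, and restart the computer afterward.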

<div class="references_section">