Configure Interface Object Optimization

During deployment, interface groups and security zones used in the access control and prefilter policies generate separate rules for each source/destination interface pair. If you enable interface object optimization, the system will instead deploy a single rule per access control/prefilter rule, which can simplify the device configuration and improve deployment performance. If you select this option, also select the Object Group Search option to reduce memory usage on the device.

Interface object optimization is disabled by default. You can enable it on one device at a time; you cannot enable it globally.

Note

If you disable interface object optimization, your existing access control rules will be deployed without using interface objects, which might make deployment take longer. In addition, if object group search is enabled, its benefits will not apply to interface objects, and you might see expansion in the access control rules in the device’s running configuration. If the expansion requires more memory than is available on the device, your device can be left in an inconsistent state and you might see a performance impact.

Before you begin

Model SupportThreat Defense

Procedure


Step 1

Choose Devices > Device Management.

Step 2

Next to the threat defense device where you want to configure the rule, click the Edit (edit icon).

Step 3

Click the Device tab, then click Edit (edit icon) in the Advanced Settings section.

Step 4

Check Interface Object Optimization.

Step 5

Click Save.