currently I'm involved in some test cases that should verify Nokia IP1260/CheckPoint NG AI R54 performance.
Unfortunately I'll have to set up a rulebase with 5000 different entries for one of my tests. I'm not too lucky with my attempts right now.
I've created a rule base with 5000 disabled rules and saved the "rulebase.W" and the "objects_5_0.C" files. Using a self written Perl script I've adjusted "rulebase.W" in a way that it looks excactly the way before except the service (which has been set to "any" for all rules) has been replaced with a unique value. Now I have a curious problem:
"fwm gen rulebase.W > rulebase.pf" does only create a rule base containing 2 rules. What happened to the remaining 4998 rules? Are there other files which I have to modify as well? Is this right approach for doing this?
I've edited my rulesbase directly within rulebases_5_0.fws. Afterwards a "fw gen" (which took about half an hour to finish) and an "fw load" to install the new rulebase (in INPECT format) to my firewall system. Besides several "stack overflow errors" on my firewall everything worked fine.
