Additional configuration for heavy loads

These instructions are applicable if Kaspersky Web Traffic Security was installed from an RPM or DEB package to a ready-to-use operating system. If Kaspersky Web Traffic Security was installed from an ISO file, configuration files for the built-in proxy server cannot be manually changed.

To process a large number of network connections, you must configure the performance settings of the Squid service and the network stack of the operating system.

To perform additional configuration:

1. Create a configuration file named /etc/sysctl.d/90-net-tcp.conf with the following contents:

   net.core.somaxconn = 1024

   net.core.netdev_max_backlog = 2048

   net.ipv4.ip_local_port_range = 1024 65535

   net.ipv4.tcp_max_syn_backlog = 2048

   net.ipv4.tcp_fin_timeout = 20

   net.ipv4.tcp_syncookies = 1

   net.ipv4.tcp_timestamps = 1

   net.ipv4.tcp_tw_reuse = 1

   net.ipv4.tcp_rfc1337 = 1

2. Apply the changes. To do so, execute the command:

   sysctl -p /etc/sysctl.d/90-net-tcp.conf

3. Configure the performance settings of the Squid service. To do so, add the following string to the end of the configuration file /etc/squid/squid.conf:

   workers <number of physical cores of all processors of the server>

4. Restart the Squid service. To do so, execute the command:

   service squid restart

Additional configuration is now complete.