Additional configuration for heavy loads

These instructions are applicable if Kaspersky Web Traffic Security was installed from an RPM or DEB package to an existing operating system. If Kaspersky Web Traffic Security was deployed from an ISO file, you cannot edit the configuration files of the built-in proxy server.

To process a large number of network connections, you must configure the performance settings of the Squid service and the network stack of the operating system.

To perform additional configuration:

1. Create a configuration file named /etc/sysctl.d/90-net-tcp.conf with the following contents:

   net.core.somaxconn = 1024

   net.core.netdev_max_backlog = 2048

   net.ipv4.ip_local_port_range = 1024 65535

   net.ipv4.tcp_max_syn_backlog = 2048

   net.ipv4.tcp_fin_timeout = 20

   net.ipv4.tcp_syncookies = 1

   net.ipv4.tcp_timestamps = 1

   net.ipv4.tcp_tw_reuse = 1

   net.ipv4.tcp_rfc1337 = 1

2. Apply the changes. To do so, execute the command:

   sysctl -p /etc/sysctl.d/90-net-tcp.conf

3. Configure the performance settings of the Squid service. To do so, add the following string to the end of the configuration file /etc/squid/squid.conf:

   workers <number of physical cores of all processors of the server>

4. Restart the Squid service. To do so, execute the command:

   service squid restart

Additional configuration is now complete.

Page top