Additional configuration for heavy loads

July 3, 2024

These instructions are applicable if Kaspersky Web Traffic Security was installed from an RPM or DEB package to a ready-to-use operating system. If Kaspersky Web Traffic Security was installed from an ISO file, configuration files for the built-in proxy server cannot be manually changed.

To process a large number of network connections, you must configure the performance settings of the Squid service and the network stack of the operating system.

To perform additional configuration:

  1. Create a configuration file named /etc/sysctl.d/90-net-tcp.conf with the following contents:

    net.core.somaxconn = 1024

    net.core.netdev_max_backlog = 2048

    net.ipv4.ip_local_port_range = 1024 65535

    net.ipv4.tcp_max_syn_backlog = 2048

    net.ipv4.tcp_fin_timeout = 20

    net.ipv4.tcp_syncookies = 1

    net.ipv4.tcp_timestamps = 1

    net.ipv4.tcp_tw_reuse = 1

    net.ipv4.tcp_rfc1337 = 1

  2. Apply the changes. To do so, execute the command:

    sysctl -p /etc/sysctl.d/90-net-tcp.conf

  3. Configure the performance settings of the Squid service. To do so, add the following string to the end of the configuration file /etc/squid/squid.conf:

    workers <number of physical cores of all processors of the server>

  4. Restart the Squid service. To do so, execute the command:

    service squid restart

Additional configuration is now complete.

