Beware the /3GB Switch on Your ISA Firewalls
Probably one of the most misunderstood memory related settings on Windows based computers is the /3GB settings. Many people think that if you have 4 GB of RAM on the machine, you should automatically enable that setting. Not so! In fact, if you enable it on the ISA firewall, you're going to be in for a world of hurt.
Why? The main problem is that you reduce the amount of kernel mode memory to 1 GB, which leads to reducing the total available nonpaged pool memory available to the ISA firewall. In fact, you drop the amount in half, from 256 MB or 128 MB. This can lead to connections being dropped when you have a large number of connection or spikes in activity.
The good news is that the ISA firewall BPA picks up the problem and call it out as an issue if you setup the /3GB switch.
Many thanks to Yuri Diogenes for pointing out this issue in his blog post at http://blogs.technet.com/yuridiogenes/archive/2008/08/21/why-3gb-can-negatively-affect-your-isa-server.aspx We've been aware of this issue for years, but I don't think I've blogged about it before or mentioned it in the articles or Web boards.
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)