Known Limitations

Note - For the SecureXL Limitations in the UPPAK mode, see sk32578.

Limitations that apply to 100G Ports:

Category

Limitation

Applies to

KPPAK?

Applies to

UPPAK?

Reported

Resolved

Jumbo Hotfix Accumulator

Jumbo Hotfix Accumulator

Warning - It is not supported to uninstall the Jumbo Hotfix Accumulator from an appliance and reboot.

You can only install a higher Take of the Jumbo Hotfix Accumulator.

Yes

R81.10

N / A

Software Blades

Firewall

LightSpeed Appliances QLS and MLS with 100G Ports are shipped with a license that supports only the Firewall Software Blade.

You can purchase licenses for additional Software Blades.

However, the 100G Ports accelerate the traffic only for the Firewall Software Blade.

Yes

R81.10

N / A

SecureXL

Note - The User Mode (UPPAK) mode is available from:

R82

R81.20 Jumbo Hotfix Accumulator Take 38

R81.10 Jumbo Hotfix Accumulator Take 81

MDPS

MDPS (sk138672) is supported only when SecureXL works in the Kernel Mode (KPPAK) mode.

Yes

R81.10

R82

R81.20 Jumbo Hotfix Accumulator, Take 38

GTP

SecureXL does not accelerate the GTP (GPRS Tunneling Protocol) traffic.

Yes

R81.10

N / A

SCTP

SecureXL does not accelerate the SCTP (Stream Control Transmission ‎Protocol) traffic.

Yes

R81.10

N / A

Interfaces / Ports

Speed

100G Card does not support the 25 Gbps speed.

Yes

R81.10

R81.20

Bridge

If you configure a Bridge interface on the 100G Ports, the Bridge does not support hardware acceleration for connections.

Yes

R81.10

N / A

Breakout Cables

100G Ports do not support copper or fiber breakout cables.

Yes

R81.10

N / A

mlx<Number>

Ignore the interfaces with the names "mlx<Number>" (for example, "mlx1-01").

These are shadow interfaces for the Poll Mode Driver (PMD) the 100G Ports use.

Yes

R81.10

N / A

gre0

and

gretap0

Ignore the interfaces with the names "gre0" and "gretap0".

By default, Gaia OS loads the GRE kernel driver.

Therefore, Gaia OS has these interfaces in the administratively down state.

Yes

R81.10

N / A

Traffic Capture

Direction

The TCPdump option "-Q {in | out | inout}" is not supported on the 100G Ports.

If you use this option in the syntax, the TCPdump tool shows an error.

Example:

[Expert@HostName:0]# tcpdump -eni eth3-01 -Q out

Translating Check Point pseudo interface eth3-01 to RDMA sniffer interface mlx5_0 for packet capture

tcpdump: mlx5_0: pcap_setdirection() failed: Setting direction is not implemented on this platform

[Expert@HostName:0]#

Yes

R81.10

N / A

Command Line

ethtool -G

If you change the RX / TX ring sizes with the "ethool -G" command, then you must configure:

The values that are multiples of 32 for interfaces that use Intel drivers
The values that are multiples of 2 for interfaces that use Mellanox drivers

Yes

R81.10

N / A

HW Diagnostics

"HW Diagnostics" menu

Below the "HW Diagnostics" menu, messages about "LOM module" and "LOM" can possibly appear in this scenario:

A LOM Card is installed in the appliance.
You connect your computer to the Console port on the appliance.
During the appliance boot, you press any key to enter the Boot Menu.
In the Boot Menu, you select "HW Diagnostics" and press the Enter key.

Example messages:

LOM module not updated with system date and time
Unable to communicate with LOM

Yes

R81.10

N / A

"HW Diagnostics" log file

The log file from the "HW Diagnostics" > "Networking Test" shows incorrect names of interfaces in this scenario:

You connect your computer to the Console port on the appliance.
During the appliance boot, you press any key to enter the Boot Menu.
In the Boot Menu, you select "HW Diagnostics" and press the Enter key.
In the "HW Diagnostics" menu, you select "Diagnostics" (or "Custom" > "Networking Test") and press the Enter key.
In the "HW Diagnostics" menu, you select "Save Logs".
You examine the "NETWORK_TEST_<Date>_<Time>.log" file.

This is a cosmetic issue only.

Yes

R81.10

N / A