fwaccel cfg

Description

The "fwaccel cfg" command controls the SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. acceleration parameters (for IPv4 only).

Important:

The same SecureXL command must run on all Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. Members.

Therefore, you must run the SecureXL commands in either Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group., or Expert mode.

In Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish, run the "fwaccel ..." and "fwaccel6 ..." commands.
In the Expert mode, run the "g_fwaccel ..." and "g_fwaccel6 ..." commands.

Syntax

fwaccel cfg

-h

-a {<Number of Interface> | <Name of Interface> | reset}

-b {on | off}

-c <Number>

-d <Number>

-e <Number>

-i {on | off}

-l <Number>

-m <Seconds>

-p {on | off}

-r <Number>

-v <Seconds>

-w {on | off}

Important:

These commands do not provide output. You cannot see the currently configured values.
Changes made with these commands do not survive reboot.

Parameters

Parameter

Description

-h

Shows the applicable built-in help.

-a <Number of Interface>

-a <Name of Interface>

-a reset

-a <Number of Interface>

Configures the SecureXL not to accelerate traffic on the interface specified by its internal number in Check Point kernel.
-a <Name of Interface>

Configures the SecureXL not to accelerate traffic on the interface specified by its name.
-a reset

Configures the SecureXL to accelerate traffic on all interfaces (resets the non-accelerated configuration).

Notes:

To see the required information about the interfaces, run these commands in the Expert mode in the specified order:

g_fw getifs

g_fw ctl iflist

To see if the "fwaccel cfg -a ..." command failed, run this command:

g_all tail -n 10 /var/log/messages

-b {on | off}

Controls the SecureXL Drop Templates match (sk66402):

on - Enables the SecureXL Drop Templates match
off - Disables the SecureXL Drop Templates match

Note - In R80.20SP, SecureXL does not support this parameter yet..

-c <Number>

Configures the maximal number of connections, when SecureXL disables the templates.

-d <Number>

Configures the maximal number of delete retries.

-e <Number>

Configures the maximal number of general errors.

-i {on | off}

Configures SecureXL to ignore API version mismatch:

on - Ignore API version mismatch.
off - Do not ignore API version mismatch (this is the default).

-l <Number>

Configures the maximal number of entries in the SecureXL templates database.

Valid values are:

0 - To disable the limit (this is the default).
Between 10 and 524288 - To configure the limit.

Important - If you configure a limit, you must stop and start the acceleration for this change to take effect. Run the fwaccel off command and then the fwaccel on command.

-m <Seconds>

Configures the timeout for entries in the SecureXL templates database.

Valid values are:

0 - To disable the timeout (this is the default).
Between 10 and 524288 - To configure the timeout.

-p {on | off}

Configures the offload of Connection Templates (if possible):

on - Enables the offload of new templates (this is the default).
off - Disables the offload of new templates.

-r <Number>

Configures the maximal number of retries for SecureXL API calls.

-v <Seconds>

Configures the interval between SecureXL statistics request.

Valid values are:

0 - To disable the interval.
1 and greater - To configure the interval.

-w {on | off}

Configures the support for warnings about the IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). protection Sequence Verifier:

on - Enable the support for these warnings.
off - Disables the support for these warnings.