fwaccel on

Description

The fwaccel on and fwaccel6 on commands start the acceleration on-the-fly, if it was previously stopped with the fwaccel off or fwaccel6 off command (see fwaccel off).

Important:

On a VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.:
- If you wish to start the acceleration only for a specific Virtual System, go to the context of that Virtual System.
  
  In Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group., run: set virtual-system <VSID>
  
  In Expert mode, run: vsenv <VSID>
- If you wish to start the acceleration for all Virtual Systems, you must use the "-a" parameter.
  
  In this case, it does not matter from which Virtual System context you run this command.

Important:

The same SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. command must run on all Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. Members.

Therefore, you must run the SecureXL commands in either Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish, or Expert mode.

In Gaia gClish, run the "fwaccel ..." and "fwaccel6 ..." commands.
In the Expert mode, run the "g_fwaccel ..." and "g_fwaccel6 ..." commands.

Syntax for IPv4

fwaccel [-i <SecureXL ID>] on [-a] [-q]

Syntax for IPv6

fwaccel6 on [-a] [-q]

Parameters

Parameter	Description
`-i <SecureXL ID>`	Specifies the SecureXL instance ID (for IPv4 only).
`-a`	On a VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Gateway, starts the acceleration on all Virtual Systems.
`-q`	Suppresses the output (does not show a returned output).

Possible returned output

SecureXL device is enabled.
Failed to start SecureXL.
No license for SecureXL.
SecureXL is disabled by the firewall. Please try again later.
The installed SecureXL device is not compatible with the installed firewall (version mismatch).
The SecureXL device is in the process of being stopped. Please try again later.
SecureXL cannot be started while "flows" are active.
SecureXL is already started.
SecureXL will be started after a policy is loaded.
fwaccel: Failed to check FloodGate-1 status. Acceleration will not be started.
FW-1: SecureXL acceleration cannot be started while QoS is running in express mode.

Please disable FloodGate-1 express mode or SecureXL.
FW-1: SecureXL acceleration cannot be started while QoS is running with citrix printing rule.

Please remove the citrix printing rule to enable SecureXL.
FW-1: SecureXL acceleration cannot be started while QoS is running with UAS rule.

Please remove the UAS rule to enable SecureXL.
FW-1: SecureXL acceleration cannot be started while QoS is running.

Please remove the QoS blade to enable SecureXL.
Failed to enable SecureXL device
fwaccel_on: failed to set process context <VSID>

Example 1 - Output from a non-VSX Gateway

[Expert@MyChassis-ch0x-0x:0]# g_fwaccel on

SecureXL device is enabled.

[Expert@MyChassis-ch0x-0x:0]#

Example 2 - Output from a VSX Gateway for a specific Virtual System

[Expert@MyChassis-ch0x-0x:1]# vsx stat -v
VSX Gateway Status
==================
Name:            VSX2_192.168.3.242
Access Control Policy: VSX_GW_VSX
Installed at:    17Sep2018 13:17:14
Threat Prevention Policy: <No Policy> 
SIC Status:      Trust
 
Number of Virtual Systems allowed by license:          25
Virtual Systems [active / configured]:                  2 / 2
Virtual Routers and Switches [active / configured]:     0 / 0
Total connections [current / limit]:                    4 / 44700
 
Virtual Devices Status
======================
 
 ID  | Type &amp; Name     | Access Control Policy | Installed at    | Threat Prevention Policy | SIC Stat
-----+---------------------+-----------------------+-----------------+--------------------------+---------
   1 | S VS1               | VS1_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
   2 | S VS2               | VS2_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
 
Type: S - Virtual System, B - Virtual System in Bridge mode,
      R - Virtual Router, W - Virtual Switch.
 
[Expert@MyChassis-ch0x-0x:1]#
[Expert@MyChassis-ch0x-0x:1]# vsenv 1
Context is set to Virtual Device VS1 (ID 1).
[Expert@MyChassis-ch0x-0x:1]#
[Expert@MyChassis-ch0x-0x:1]# fwaccel stat -t
+-----------------------------------------------------------------------------+
|Id|Name |Status     |Interfaces               |Features                      |
+-----------------------------------------------------------------------------+
|0 |SND  |disabled   |eth1,eth2,eth3           |Acceleration,Cryptography     |
+-----------------------------------------------------------------------------+
 
[Expert@MyChassis-ch0x-0x:1]#
 
[Expert@MyChassis-ch0x-0x:1]# fwaccel on
[Expert@MyChassis-ch0x-0x:1]#
[Expert@MyChassis-ch0x-0x:1]# fwaccel stat -t
+-----------------------------------------------------------------------------+
|Id|Name |Status     |Interfaces               |Features                      |
+-----------------------------------------------------------------------------+
|0 |SND  |enabled    |eth1,eth2,eth3           |Acceleration,Cryptography     |
+-----------------------------------------------------------------------------+
 
[Expert@MyChassis-ch0x-0x:1]#

Example 3 - Output from a VSX Gateway for all Virtual Systems

[Expert@MyChassis-ch0x-0x:1]# vsx stat -v
VSX Gateway Status
==================
Name:            VSX2_192.168.3.242
Access Control Policy: VSX_GW_VSX
Installed at:    17Sep2018 13:17:14
Threat Prevention Policy: <No Policy> 
SIC Status:      Trust
 
Number of Virtual Systems allowed by license:          25
Virtual Systems [active / configured]:                  2 / 2
Virtual Routers and Switches [active / configured]:     0 / 0
Total connections [current / limit]:                    4 / 44700
 
Virtual Devices Status
======================
 
 ID  | Type &amp; Name     | Access Control Policy | Installed at    | Threat Prevention Policy | SIC Stat
-----+---------------------+-----------------------+-----------------+--------------------------+---------
   1 | S VS1               | VS1_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
   2 | S VS2               | VS2_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
 
Type: S - Virtual System, B - Virtual System in Bridge mode,
      R - Virtual Router, W - Virtual Switch.
 
[Expert@MyChassis-ch0x-0x:1]#
[Expert@MyChassis-ch0x-0x:1]# vsenv 1
Context is set to Virtual Device VS1 (ID 1).
[Expert@MyChassis-ch0x-0x:1]#
[Expert@MyChassis-ch0x-0x:1]# fwaccel on -a
[Expert@MyChassis-ch0x-0x:1]#