fwaccel ranges

Description

The fwaccel ranges and fwaccel6 ranges commands show the SecureXL loaded ranges.

The Security Group creates these ranges during the policy installation. The Firewall creates and offloads ranges to SecureXL when any of these features is enabled:

  • Rulebase ranges for Drop Templates

  • Anti-Spoofing enforcement ranges on per-interface basis

  • NAT64 ranges

  • NAT46 ranges

These ranges are related to matching of connections to SecureXL Drop Templates. These ranges represent the Source, Destination and Service columns of the Rule Base.

These ranges are not exactly the same as the Rule Base, because there are objects that cannot be represented as real (deterministic) IP addresses, for example, Domain objects and Dynamic objects. The Security Group converts such non-deterministic objects to the "Any" IP address.

In addition, implied rules are represented in these ranges, except for some specific implied rules.

You can use these commands for troubleshooting.
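The conversion of non-deterministic objects to "Any" means a loaded range can be much wider than the Rule Base column it comes from. The model below is an added example, not Check Point code: the object names, the sample addresses and the flattening and merging logic are assumptions made for illustration, not how SecureXL builds its ranges internally.

```python
import ipaddress

# "Any" as a range: what a non-deterministic object is converted to.
ANY = (ipaddress.IPv4Address("0.0.0.0"), ipaddress.IPv4Address("255.255.255.255"))

# Constructed sample objects (hypothetical names and documentation addresses).
OBJECTS = {
    "net_dmz":     ("network", "192.0.2.0/24"),
    "net_lab":     ("network", "198.51.100.0/25"),
    "host_scan":   ("host",    "198.51.100.128"),
    "dom_example": ("domain",  ".example.com"),  # Domain object: non-deterministic
    "dyn_branch":  ("dynamic", None),            # Dynamic object: non-deterministic
}

def object_to_range(name):
    """Return (first, last) address for an object; Domain/Dynamic become Any."""
    kind, value = OBJECTS[name]
    if kind in ("domain", "dynamic"):
        return ANY
    net = ipaddress.ip_network(value)  # a bare host address parses as a /32
    return (net.network_address, net.broadcast_address)

def column_ranges(object_names):
    """Flatten one Rule Base column into sorted ranges, merging overlapping
    or adjacent ones (the merging is an assumption of this model)."""
    merged = []
    for start, end in sorted(object_to_range(n) for n in object_names):
        if merged and int(start) <= int(merged[-1][1]) + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def matches(ip, ranges):
    """True if the address falls inside any of the ranges."""
    addr = ipaddress.IPv4Address(ip)
    return any(start <= addr <= end for start, end in ranges)

def fmt(ranges):
    return [f"{start} - {end}" for start, end in ranges]

if __name__ == "__main__":
    deterministic = column_ranges(["net_dmz", "net_lab", "host_scan"])
    with_domain = column_ranges(["net_dmz", "dom_example"])
    print("deterministic objects only:", fmt(deterministic))
    print("with a Domain object:      ", fmt(with_domain))
    # An address outside every listed network still falls in the widened range.
    print("203.0.113.7 matches:", matches("203.0.113.7", deterministic),
          matches("203.0.113.7", with_domain))
```

When troubleshooting, a range that covers the whole address space is a hint that the corresponding column contains a Domain or Dynamic object.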

Important:

The same SecureXL command must run on all Security Group Members.

Therefore, you must run the SecureXL commands in either Gaia gClish or Expert mode.

Syntax for IPv4

fwaccel [-i <SecureXL ID>] ranges

      -h

      -a

      -l

      -p <Range ID>

      -s <Range ID>

Syntax for IPv6

fwaccel6 ranges

      -h

      -a

      -l

      -p <Range ID>

      -s <Range ID>

Parameters

Parameter

Description

-i <SecureXL ID>

Specifies the SecureXL instance ID (for IPv4 only).

-h

Shows the applicable built-in usage.

-a or No Parameters

Shows the full information for all loaded ranges.

Note - In the list of SecureXL Drop Templates (output of the fwaccel templates command), each Drop Template is assembled from range indexes. To see the mapping between a range index and the range itself, run the command "fwaccel ranges -a". This helps you better understand the practical ranges for Drop Templates and when it is appropriate to use them.

-l

Shows the list of loaded ranges:

  • 0 - Ranges of Rule Base source IP addresses

  • 1 - Ranges of Rule Base destination IP addresses

  • 2 - Ranges of Rule Base destination ports and protocols

-p <Range ID>

Shows the full information for the specified range.

-s <Range ID>

Shows the summary information for the specified range.

Examples