fwaccel stats

Description

The fwaccel stats and fwaccel6 stats commands show acceleration statistics for IPv4 on the Security Group A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected..

Important:

The same SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. command must run on all Security Group Members.

Therefore, you must run the SecureXL commands in either Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group., or Expert mode.

In Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish, run the "fwaccel ..." and "fwaccel6 ..." commands.
In the Expert mode, run the "g_fwaccel ..." and "g_fwaccel6 ..." commands.

Syntax for IPv4

fwaccel [-i <SecureXL ID>] stats

[-c]

[-d]

[-l]

[-m]

[-n]

[-o]

[-p]

[-q]

[-r]

[-s]

[-x]

Syntax for IPv6

fwaccel6 stats

[-c]

[-d]

[-l]

[-m]

[-n]

[-o]

[-p]

[-q]

[-r]

[-s]

[-x]

Parameters

Parameter	Description
`-i <SecureXL ID>`	Specifies the SecureXL instance ID (for IPv4 only).
`-c`	Shows the statistics for Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Correction.
`-d`	Shows the statistics for drops from device.
`-l`	Shows the statistics in legacy mode - as one table.
`-m`	Shows the statistics for multicast traffic.
`-n`	Shows the statistics for Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. (NAC).
`-o`	Shows the statistics for Reorder Infrastructure.
`-p`	Shows the statistics for SecureXL violations (F2F Denotes non-VPN connections that SecureXL forwarded to firewall. See "Firewall Path". packets).
`-q`	Shows the statistics notifications the SecureXL sent to the Firewall.
`-r`	Resets all the counters.
`-s`	Shows the statistics summary only.
`-x`	Shows the statistics for PXL. Note - PXL is the technology name for combination of SecureXL and PSL Passive Streaming Library. Packets may arrive at Security Gateway out of order, or may be legitimate retransmissions of packets that have not yet received an acknowledgment. In some cases, a retransmission may also be a deliberate attempt to evade IPS detection by sending the malicious payload in the retransmission. Security Gateway ensures that only valid packets are allowed to proceed to destinations. It does this with the Passive Streaming Library (PSL) technology. (1) The PSL is an infrastructure layer, which provides stream reassembly for TCP connections. (2) The Security Gateway makes sure that TCP data seen by the destination system is the same as seen by code above PSL. (3) The PSL handles packet reordering, congestion, and is responsible for various security aspects of the TCP layer, such as handling payload overlaps, some DoS attacks, and others. (4) The PSL is capable of receiving packets from the Firewall chain and from the SecureXL. (5) The PSL serves as a middleman between the various security applications and the network packets. It provides the applications with a coherent stream of data to work with, free of various network problems or attacks. (6) The PSL infrastructure is wrapped with well-defined APIs called the Unified Streaming APIs, which are used by the applications to register and access streamed data. For more details, see sk95193. (Passive Streaming Library).

In addition, see: