fwaccel templates

Description

The fwaccel templates and fwaccel6 templates commands show the contents of the SecureXL templates tables:

  • Accept Templates

  • Drop Templates

Important - Depending on the number of current templates, these commands can consume a very large amount of memory.

Important:

The same SecureXL command must run on all Security Group Members.

Therefore, you must run the SecureXL commands in either Gaia gClish or Expert mode.

Syntax for IPv4

fwaccel [-i <SecureXL ID>] templates
      [-h]
      [-d]
      [-m <Number of Rows>]
      [-s]
      [-S]

Syntax for IPv6

fwaccel6 templates
      [-h]
      [-d]
      [-m <Number of Rows>]
      [-s]
      [-S]

Parameters

| Parameter | Description |
|---|---|
| -i <SecureXL ID> | Specifies the SecureXL instance ID (for IPv4 only). |
| No Parameters | Shows the contents of the SecureXL Accept Templates table (Table Name - cphwd_tmpl, Table ID - 8111). |
| -h | Shows the applicable built-in usage. |
| -d | Shows the contents of the SecureXL Drop Templates table. |
| -m <Number of Rows> | Specifies how many rows to show from the templates table. Note - The command counts from the top of the table. Default: 1000 |
| -s | Shows the summary of SecureXL Connections Templates (number of templates). |
| -S | Shows statistics for the SecureXL Connections Templates. |

Accept Templates flags

One or more of these flags appears in the output:

| Flag | Instructions |
|---|---|
| A | Connection is accounted (SecureXL counts the number of packets and bytes). |
| B | Connection is created for a rule that contains an Identity Awareness object, or for a rule below that rule. |
| D | Connection is created for a rule that contains a Domain object, or for a rule below that rule. |
| I | Identity Awareness (NAC) is enabled for this connection. |
| N | Connection is NATed. |
| O | Connection is created for a rule that contains a Dynamic object, or for a rule below that rule. |
| Q | QoS is enabled for this connection. |
| R | Connection is created for a rule that contains a Traceroute object, or for a rule below that rule. |
| S | PXL (combination of SecureXL and PSL (Passive Streaming Library)) is enabled for this connection. |
| T | Connection is created for a rule that contains a Time object, or for a rule below that rule. |
| U | Connection is unidirectional. |
| Z | Connection is created for a rule that contains a Security Zone object, or for a rule below that rule. |

Drop Templates flags

One or more of these flags appears in the output:

| Flag | Instructions |
|---|---|
| D | Drop template exists for this connection. |
| L | Log and Drop action for this connection. |
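The flag D means different things in the Accept Templates and Drop Templates tables, so any script that reads saved output has to know which table it came from. The following is an added example, not Check Point code: the names decode_flags and summarize, the '.' placeholder characters, the column position of the flags field and the sample rows are all assumptions made for illustration.

```python
from collections import Counter

# Flag meanings copied from the two tables on this page.
ACCEPT_FLAGS = {
    "A": "accounted (packets and bytes counted)",
    "B": "rule with Identity Awareness object, or a rule below it",
    "D": "rule with Domain object, or a rule below it",
    "I": "Identity Awareness (NAC) enabled",
    "N": "NATed",
    "O": "rule with Dynamic object, or a rule below it",
    "Q": "QoS enabled",
    "R": "rule with Traceroute object, or a rule below it",
    "S": "PXL (SecureXL + PSL) enabled",
    "T": "rule with Time object, or a rule below it",
    "U": "unidirectional",
    "Z": "rule with Security Zone object, or a rule below it",
}
DROP_FLAGS = {"D": "drop template exists", "L": "Log and Drop action"}

def decode_flags(field, drop_table=False):
    """Return (known meanings by letter, sorted unrecognised letters)."""
    table = DROP_FLAGS if drop_table else ACCEPT_FLAGS
    letters = [c for c in field if c != "."]  # '.' padding is an assumption
    known = {c: table[c] for c in letters if c in table}
    return known, sorted(set(letters) - set(table))

def summarize(rows, flags_col, drop_table=False):
    """Count rows per flag; surface letters the selected table does not define."""
    counts, unknown = Counter(), set()
    for row in rows:
        cols = row.split()
        # Skip headers, separator rules and short lines: not a flags field.
        if len(cols) <= flags_col or not all(c == "." or c.isupper() for c in cols[flags_col]):
            continue
        known, unk = decode_flags(cols[flags_col], drop_table)
        counts.update(known.keys())
        unknown.update(unk)
    return counts, sorted(unknown)

# Constructed sample rows (not real gateway output); flags are in column 5.
SAMPLE_ACCEPT = [
    "192.0.2.10 * 198.51.100.5 443 6 .N....S.....",
    "192.0.2.11 * 198.51.100.5 53 17 A......U....",
    "192.0.2.12 * 198.51.100.9 80 6 .N..D.......",
]

if __name__ == "__main__":
    counts, unknown = summarize(SAMPLE_ACCEPT, flags_col=5)
    print(dict(counts), unknown)
```

Letters returned in the unknown list usually mean the wrong table was selected or the output layout differs from the assumed one, so check them before trusting the counts.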

Examples