Print Download PDF Send Feedback

Previous

SecureXL Kernel Parameters

To change the internal default behavior of SecureXL or to configure special advanced settings for SecureXL, you can use SecureXL kernel parameters.

The names of applicable SecureXL kernel parameters and their values appear in various SK articles in Support Center, and provided by Check Point Support.

Important

Examples of SecureXL kernel parameters

Type

Name

Integer

num_of_sxl_devices

sim_ipsec_dont_fragment

tcp_always_keepalive

sim_log_all_frags

simple_debug_filter_dport_1

simple_debug_filter_proto_1

String

simple_debug_filter_addr_1

simple_debug_filter_daddr_2

simlinux_excluded_ifs_list

To see the list of the available SecureXL integer kernel parameters and their values on your Security Gateway:

Step

Description

1

Connect to the command line on your Security Gateway.

2

Log in to the Expert mode.

3

Get the list of the available integer kernel parameters and their values:

[Expert@MyGW:0]# modinfo -p $PPKDIR/boot/modules/sim_kern*.o | sort -u | grep _type | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get int 1>> /var/log/sxl_integer_kernel_parameters.txt 2>> /var/log/sxl_integer_kernel_parameters.txt

4

Analyze the output file:

/var/log/sxl_integer_kernel_parameters.txt

To see the list of the available SecureXL string kernel parameters and their values on your Security Gateway:

Step

Description

1

Connect to the command line on your Security Gateway.

2

Log in to the Expert mode.

3

Get the list of the available integer kernel parameters and their values:

[Expert@MyGW:0]# modinfo -p $PPKDIR/boot/modules/sim_kern*.o | sort -u | grep 'string param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get str 1>> /var/log/sxl_string_kernel_parameters.txt 2>> /var/log/sxl_string_kernel_parameters.txt

4

Analyze the output file:

/var/log/sxl_string_kernel_parameters.txt

To set a value for a SecureXL kernel parameter permanently:

Step

Description

1

Connect to the command line on your Security Gateway.

2

Log in to the Expert mode.

3

See if the configuration file already exists:

[Expert@MyGW:0]# ls -l $PPKDIR/conf/simkern.conf

4

If this file already exists, skip to Step 5.

If this file does not exist, then create it manually and then skip to Step 6:

[Expert@MyGW:0]# touch $PPKDIR/conf/simkern.conf

5

Back up the current configuration file:

[Expert@MyGW:0]# cp -v $PPKDIR/conf/simkern.conf{,_BKP}

6

Edit the current configuration file:

[Expert@MyGW:0]# vi $PPKDIR/conf/simkern.conf

7

Add the required SecureXL kernel parameter with the assigned value in the exact format specified below.

Important - This configuration file does not support space characters, tabulation characters, and comments (lines that contain the # character).

  • To add an integer kernel parameter:

    <Name_of_SecureXL_Integer_Kernel_Parameter>=<Integer_Value>

  • To add a string kernel parameter:

    <Name_of_SecureXL_String_Kernel_Parameter>="<String_Text>"

    or

    <Name_of_SecureXL_String_Kernel_Parameter>="<String_Text>"

8

Save the changes in the file and exit the Vi editor.

9

Reboot the Security Gateway.

Important - In cluster, this can cause a failover.

10

Connect to the command line on your Security Gateway.

11

Log in to Gaia Clish or the Expert mode.

12

Make sure the new value of the kernel parameter is set:

  • For an integer kernel parameter, run:

    fw ctl get int <Name of Integer Kernel Parameter> [-a]

  • For a string kernel parameter, run:

    fw ctl get str <Name of String Kernel Parameter> [-a]

For more information, see sk26202: Changing the kernel global parameters for Check Point Security Gateway.