'fwaccel off' and 'fwaccel6 off'

Description

These commands stop the SecureXL on-the-fly.

Starting from R80.20, you can stop the SecureXL only temporarily. The SecureXL starts automatically when you start Check Point services (with the cpstart command), or reboot the Security Gateway.

Important:

Disable the SecureXL only for debug purposes, if Check Point Support explicitly instructs you to do so.
If you disable the SecureXL, this change does not survive reboot.
SecureXL remains disabled until you enable it again on-the-fly, or reboot the Security Gateway.
If you disable the SecureXL, this change applies only to new connections that arrive after you disable the acceleration.
SecureXL continues to accelerate the connections that are already accelerated.

Other non-connection oriented processing continues to function (for example, virtual defragmentation, VPN decrypt).
On VSX Gateway:
- If you wish to stop the acceleration only for a specific Virtual System, go to the context of that Virtual System.
  In Gaia Clish, run: set virtual-system <VSID>
  
  In Expert mode, run: vsenv <VSID>
- If you wish to stop the acceleration for all Virtual Systems, you must use the -a parameter.
  In this case, it does not matter from which Virtual System context you run this command.
In Cluster, you must configure the SecureXL in the same way on all the Cluster Members.

Syntax for IPv4

fwaccel [-i <SecureXL ID>] off [-a] [-q]

Syntax for IPv6

fwaccel6 off [-a] [-q]

Parameters

Parameter	Description
`-i <`SecureXL ID`>`	Specifies the SecureXL instance ID (for IPv4 only).
`-a`	On VSX Gateway, stops acceleration on all Virtual Systems.
`-q`	Suppresses the output (does not show a returned output).

Possible returned output

SecureXL device disabled
SecureXL device is not active
Failed to disable SecureXL device
fwaccel_off: failed to set process context <VSID>

Example 1 - Output from a non-VSX Gateway

[Expert@MyGW:0]# fwaccel off

SecureXL device disabled.

[Expert@MyGW:0]#

Example 2 - Output from a VSX Gateway for a specific Virtual System

[Expert@MyVSXGW:1]# vsx stat -v

VSX Gateway Status

==================

Name: VSX2_192.168.3.242

Access Control Policy: VSX_GW_VSX

Installed at: 17Sep2018 13:17:14

Threat Prevention Policy: <No Policy>

SIC Status: Trust

Number of Virtual Systems allowed by license: 25

Virtual Systems [active / configured]: 2 / 2

Virtual Routers and Switches [active / configured]: 0 / 0

Total connections [current / limit]: 4 / 44700

Virtual Devices Status

======================

-----+---------------------+-----------------------+-----------------+--------------------------+---------

1 | S VS1 | VS1_Policy | 17Sep2018 12:47 | <No Policy> | Trust

2 | S VS2 | VS2_Policy | 17Sep2018 12:47 | <No Policy> | Trust

Type: S - Virtual System, B - Virtual System in Bridge mode,

R - Virtual Router, W - Virtual Switch.

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# vsenv 1

Context is set to Virtual Device VS1 (ID 1).

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# fwaccel stat -t

+-----------------------------------------------------------------------------+

+-----------------------------------------------------------------------------+

+-----------------------------------------------------------------------------+

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# fwaccel off

SecureXL device disabled. (Virtual ID 1)

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# fwaccel stat -t

+-----------------------------------------------------------------------------+

+-----------------------------------------------------------------------------+

+-----------------------------------------------------------------------------+

[Expert@MyVSXGW:1]#

Example 3 - Output from a VSX Gateway for all Virtual Systems

[Expert@MyVSXGW:1]# vsx stat -v

VSX Gateway Status

==================

Name: VSX2_192.168.3.242

Access Control Policy: VSX_GW_VSX

Installed at: 17Sep2018 13:17:14

Threat Prevention Policy: <No Policy>

SIC Status: Trust

Number of Virtual Systems allowed by license: 25

Virtual Systems [active / configured]: 2 / 2

Virtual Routers and Switches [active / configured]: 0 / 0

Total connections [current / limit]: 4 / 44700

Virtual Devices Status

======================

-----+---------------------+-----------------------+-----------------+--------------------------+---------

1 | S VS1 | VS1_Policy | 17Sep2018 12:47 | <No Policy> | Trust

2 | S VS2 | VS2_Policy | 17Sep2018 12:47 | <No Policy> | Trust

Type: S - Virtual System, B - Virtual System in Bridge mode,

R - Virtual Router, W - Virtual Switch.

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# vsenv 1

Context is set to Virtual Device VS1 (ID 1).

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# fwaccel off -a

SecureXL device disabled. (Virtual ID 0)

SecureXL device disabled. (Virtual ID 1)

SecureXL device disabled. (Virtual ID 2)

[Expert@MyVSXGW:1]#