Print Download PDF Send Feedback

Previous

Next

fwaccel cfg

Description

Controls the SecureXL acceleration parameters.

Important - In Cluster, you must configure the SecureXL in the same way on all the Cluster Members.

Syntax

fwaccel cfg

-h

-a {<Number of Interface> | <Name of Interface> | reset}

-b {on | off}

-c <Number>

-d <Number>

-e <Number>

-i {on | off}

-l <Number>

-m <Seconds>

-p {on | off}

-r <Number>

-v <Seconds>

-w {on | off}

Important:

Parameters

Parameter

Description

-h

Shows the applicable built-in help.

-a <Number of Interface>

-a <Name of Interface>

-a reset

  • -a <Number of Interface> - Configures the SecureXL not to accelerate traffic on the interface specified by its internal number in Check Point kernel.
  • -a <Name of Interface> - Configures the SecureXL not to accelerate traffic on the interface specified by its name.
  • -a reset - Configures the SecureXL to accelerate traffic on all interfaces (resets the non-accelerated configuration).

Notes:

  • This command does not support Falcon Acceleration Cards.
  • o see the required information about the interfaces, run these commands in the specified order:

    fw getifs

    fw ctl iflist

  • To see if this "fwaccel cfg -a ..." command failed, run this command:

    tail -n 10 /var/log/messages

-b {on | off}

Controls the SecureXL Drop Templates match (sk66402):

  • on - Enables the SecureXL Drop Templates match
  • off - Disables the SecureXL Drop Templates match

Important - In R80.20, SecureXL does not support this parameter yet.

-c <Number>

Configures the maximal number of connections, when SecureXL disables the templates.

-d <Number>

Configures the maximal number of delete retries.

-e <Number>

Configures the maximal number of general errors.

-i {on | off}

Configures SecureXL to ignore API version mismatch:

  • on - Ignore API version mismatch.
  • off - Do not ignore API version mismatch (this is the default).

-l <Number>

Configures the maximal number of entries in the SecureXL templates database.

Valid values are:

  • 0 - To disable the limit (this is the default).
  • Between 10 and 524288 - To configure the limit.

Important - If you configure a limit, you must stop and start the acceleration for this change to take effect. Run the fwaccel off command and then the fwaccel on command.

-m <Seconds>

Configures the timeout for entries in the SecureXL templates database.

Valid values are:

  • 0 - To disable the timeout (this is the default).
  • Between 10 and 524288 - To configure the timeout.

-p {on | off}

Configures the offload of Connection Templates (if possible):

  • on - Enables the offload of new templates (this is the default).
  • off - Disables the offload of new templates.

-r <Number>

Configures the maximal number of retries for SecureXL API calls.

-v <Seconds>

Configures the interval between SecureXL statistics request.

Valid values are:

  • 0 - To disable the interval.
  • 1 and greater - To configure the interval.

-w {on | off}

Configures the support for warnings about the IPS protection Sequence Verifier:

  • on - Enable the support for these warnings.
  • off - Disables the support for these warnings.