'fwaccel off' and 'fwaccel6 off'

Description

These commands stop the SecureXL on-the-fly.

Starting from R80.20, you can stop the SecureXL only temporarily. The SecureXL starts automatically when you start Check Point services (with the cpstart command), or reboot the Security Group member.

Important:

Disable the SecureXL only for debug purposes, if Check Point Support explicitly instructs you to do so.
If you disable the SecureXL, this change does not survive reboot.
SecureXL remains disabled until you enable it again on-the-fly, or reboot the Security Group member.
If you disable the SecureXL, this change applies only to new connections that arrive after you disable the acceleration.
SecureXL continues to accelerate the connections that are already accelerated.

Other non-connection oriented processing continues to function (for example, virtual defragmentation, VPN decrypt).
On VSX Gateway:
- If you wish to stop the acceleration only for a specific Virtual System, go to the context of that Virtual System.
  In Gaia gClish, run: set virtual-system <VSID>
  
  In Expert mode, run: vsenv <VSID>
- If you wish to stop the acceleration for all Virtual Systems, you must use the -a parameter.
  In this case, it does not matter from which Virtual System context you run this command.

Notes:

In Gaia gClish, run the fwaccel off and fwaccel6 off commands.
In Expert mode, run the g_fwaccel off and g_fwaccel6 off commands.

Syntax for IPv4

fwaccel [-i <SecureXL ID>] off [-a] [-q]

Syntax for IPv6

fwaccel6 off [-a] [-q]

Parameters

Parameter	Description
`-i <`SecureXL ID`>`	Specifies the SecureXL instance ID (for IPv4 only).
`-a`	On VSX Gateway, stops acceleration on all Virtual Systems.
`-q`	Suppresses the output (does not show a returned output).

Possible returned output

SecureXL device disabled
SecureXL device is not active
Failed to disable SecureXL device
fwaccel_off: failed to set process context <VSID>

Example 1 - Output from a non-VSX Gateway

[Expert@HostName-ch0x-0x:0]# g_fwaccel off

SecureXL device disabled.

[Expert@HostName-ch0x-0x:0]#

Example 2 - Output from a VSX Gateway for a specific Virtual System

[Expert@MyVSXGW:1]# vsx stat -v

VSX Gateway Status

==================

Name: VSX2_192.168.3.242

Access Control Policy: VSX_GW_VSX

Installed at: 17Sep2018 13:17:14

Threat Prevention Policy: <No Policy>

SIC Status: Trust

Number of Virtual Systems allowed by license: 25

Virtual Systems [active / configured]: 2 / 2

Virtual Routers and Switches [active / configured]: 0 / 0

Total connections [current / limit]: 4 / 44700

Virtual Devices Status

======================

-----+---------------------+-----------------------+-----------------+--------------------------+---------

1 | S VS1 | VS1_Policy | 17Sep2018 12:47 | <No Policy> | Trust

2 | S VS2 | VS2_Policy | 17Sep2018 12:47 | <No Policy> | Trust

Type: S - Virtual System, B - Virtual System in Bridge mode,

R - Virtual Router, W - Virtual Switch.

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# vsenv 1

Context is set to Virtual Device VS1 (ID 1).

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# g_fwaccel stat -t

+-----------------------------------------------------------------------------+

+-----------------------------------------------------------------------------+

+-----------------------------------------------------------------------------+

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# g_fwaccel off

SecureXL device disabled. (Virtual ID 1)

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# g_fwaccel stat -t

+-----------------------------------------------------------------------------+

+-----------------------------------------------------------------------------+

+-----------------------------------------------------------------------------+

[Expert@MyVSXGW:1]#

Example 3 - Output from a VSX Gateway for all Virtual Systems

[Expert@MyVSXGW:1]# vsx stat -v

VSX Gateway Status

==================

Name: VSX2_192.168.3.242

Access Control Policy: VSX_GW_VSX

Installed at: 17Sep2018 13:17:14

Threat Prevention Policy: <No Policy>

SIC Status: Trust

Number of Virtual Systems allowed by license: 25

Virtual Systems [active / configured]: 2 / 2

Virtual Routers and Switches [active / configured]: 0 / 0

Total connections [current / limit]: 4 / 44700

Virtual Devices Status

======================

-----+---------------------+-----------------------+-----------------+--------------------------+---------

1 | S VS1 | VS1_Policy | 17Sep2018 12:47 | <No Policy> | Trust

2 | S VS2 | VS2_Policy | 17Sep2018 12:47 | <No Policy> | Trust

Type: S - Virtual System, B - Virtual System in Bridge mode,

R - Virtual Router, W - Virtual Switch.

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# vsenv 1

Context is set to Virtual Device VS1 (ID 1).

[Expert@MyVSXGW:1]#

[Expert@MyVSXGW:1]# g_fwaccel off -a

SecureXL device disabled. (Virtual ID 0)

SecureXL device disabled. (Virtual ID 1)

SecureXL device disabled. (Virtual ID 2)

[Expert@MyVSXGW:1]#