fwboot bootconf

Description

Configures boot security options.

Notes:

You must run this command from the Expert mode.

The settings are saved in the $FWDIR/boot/boot.conf file.

Warning - To avoid issues, do not edit the $FWDIR/boot/boot.conf file manually. Edit the file only with this command.

Refer to these related commands:
- fwboot corexl
- control_bootsec

Syntax to show the current boot security options

[Expert@HostName:0]# $FWDIR/boot/fwboot bootconf

get_corexl

get_core_override

get_def

get_ipf

get_ipv6

get_kernnum

get_kern6num

Syntax to configure the boot security options

[Expert@HostName:0]# $FWDIR/boot/fwboot bootconf

set_corexl {0 | 1}

set_core_override <number>

set_def [</path/filename>]

set_ipf {0 | 1}

set_ipv6 {0 | 1}

set_kernnum <number>

set_kern6num <number>

Parameters

Parameter

Description

No Parameters

Shows the built-in help with available parameters.

get_corexl

Shows if the CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. is enabled or disabled:

0 - disabled
1 - enabled

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the COREXL_INSTALLED.

get_core_override

Shows the number of overriding CPU cores.

The SMT (HyperThreading) feature (sk93000) uses this configuration to set the number of CPU cores after reboot.

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the CORE_OVERRIDE.

get_def

Shows the configured path and the name of the Default Filter policy file (default is $FWDIR/boot/default.bin).

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the DEFAULT_FILTER_PATH.

get_ipf

Shows if the IP Forwarding Process of transferring of an incoming traffic from one Cluster Member to another Cluster Member for processing. There are two types of forwarding the incoming traffic between Cluster Members - Packet forwarding and Chain forwarding. For more information, see "Forwarding Layer in Cluster" and "ARP Forwarding". during boot is enabled or disabled:

0 - disabled (Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. does not forward traffic between its interfaces during boot)
1 - enabled

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the CTL_IPFORWARDING.

get_ipv6

Shows if the IPv6 support is enabled or disabled:

0 - disabled
1 - enabled

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the IPV6_INSTALLED.

get_kernnum

Shows the configured number of IPv4 CoreXL Firewall instances.

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the KERN_INSTANCE_NUM.

get_kern6num

Shows the configured number of IPv6 CoreXL Firewall instances.

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the KERN6_INSTANCE_NUM.

set_corexl {0 | 1}

Enables or disables CoreXL:

0 - disables
1 - enables

Notes:

In the $FWDIR/boot/boot.conf file, refer to the value of the COREXL_INSTALLED.
To configure CoreXL, use the cpconfig menu.

set_core_override <number>

Configures the number of overriding CPU cores.

The SMT (HyperThreading) feature (sk93000) uses this configuration to set the number of CPU cores after reboot.

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the CORE_OVERRIDE.

set_def [</path/filename>]

Configures the path and the name of the Default Filter policy file (default is $FWDIR/boot/default.bin).

Notes:

In the $FWDIR/boot/boot.conf file, refer to the value of the DEFAULT_FILTER_PATH.
If you do not specify the path and the name explicitly, then the value of the DEFAULT_FILTER_PATH is set to 0.

As a result, Security Gateway does not load a Default Filter during boot.

Best Practice - The best location for this file is the $FWDIR/boot/ directory.

set_ipf {0 | 1}

Configures the IP forwarding during boot:

0 - disables (forbids the Security Gateway to forward traffic between its interfaces during boot)
1 - enables

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the CTL_IPFORWARDING.

set_ipv6 {0 | 1}

Enables or disables the IPv6 Support:

0 - disables
1 - enables

Notes:

In the $FWDIR/boot/boot.conf file, refer to the value of the IPV6_INSTALLED.
Configure the IPv6 Support in Gaia Portal Web interface for the Check Point Gaia operating system., or Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell).. See the R81.10 Gaia Administration Guide.

set_kernnum <number>

Configures the number of IPv4 CoreXL Firewall instances.

Notes:

In the $FWDIR/boot/boot.conf file, refer to the value of the KERN_INSTANCE_NUM.
To configure CoreXL, use the cpconfig menu.

set_kern6num <number>

Configures the number of IPv6 CoreXL Firewall instances.

Notes:

In the $FWDIR/boot/boot.conf file, refer to the value of the KERN6_INSTANCE_NUM.
To configure CoreXL, use the cpconfig menu.