fwaccel cfg

Description

The "fwaccel cfg" command controls the SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. acceleration parameters (for IPv4 only).

Important:

In a Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., you must configure all the Cluster Members in the same way.
On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected..
These commands do not provide output. You cannot see the currently configured values.
Changes made with these commands do not survive reboot.

Syntax

Syntax on a Security Gateway / ClusterXL - in Gaia Clish and the Expert mode

fwaccel cfg

-h

-a {<Number of Interface> | <Name of Interface> | reset}

-b {on | off}

-c <Number>

-d <Number>

-e <Number>

-i {on | off}

-l <Number>

-m <Seconds>

-p {on | off}

-r <Number>

-v <Seconds>

-w {on | off}

Syntax on a Scalable Platform Security Group - in Gaia gClish

fwaccel cfg

-h

-a {<Number of Interface> | <Name of Interface> | reset}

-b {on | off}

-c <Number>

-d <Number>

-e <Number>

-i {on | off}

-l <Number>

-m <Seconds>

-p {on | off}

-r <Number>

-v <Seconds>

-w {on | off}

Syntax on a Scalable PlatformSecurity Group - in the Expert mode

g_fwaccel cfg

-h

-a {<Number of Interface> | <Name of Interface> | reset}

-b {on | off}

-c <Number>

-d <Number>

-e <Number>

-i {on | off}

-l <Number>

-m <Seconds>

-p {on | off}

-r <Number>

-v <Seconds>

-w {on | off}

Parameters

Parameter

Description

-h

Shows the applicable built-in help.

-a <Number of Interface>

-a <Name of Interface>

-a reset

-a <Number of Interface>

Configures the SecureXL not to accelerate traffic on the interface specified by its internal number in Check Point kernel.
-a <Name of Interface>

Configures the SecureXL not to accelerate traffic on the interface specified by its name.
-a reset

Configures the SecureXL to accelerate traffic on all interfaces (resets the non-accelerated configuration).

Notes:

This command does not support Falcon Acceleration Cards.
To see the required information about the interfaces, run these commands in the specified order:

fw getifs

fw ctl iflist

To see if the "fwaccel cfg -a ..." command failed, run this command:

tail -n 10 /var/log/messages

-b {on | off}

Controls the SecureXL Drop Templates match (sk66402):

on - Enables the SecureXL Drop Templates match
off - Disables the SecureXL Drop Templates match

Note - In R81.10, SecureXL does not support this parameter yet..

-c <Number>

Configures the maximal number of connections, when SecureXL disables the templates.

-d <Number>

Configures the maximal number of delete retries.

-e <Number>

Configures the maximal number of general errors.

-i {on | off}

Configures SecureXL to ignore API version mismatch:

on - Ignore API version mismatch.
off - Do not ignore API version mismatch (this is the default).

-l <Number>

Configures the maximal number of entries in the SecureXL templates database.

Valid values are:

0 - To disable the limit (this is the default).
Between 10 and 524288 - To configure the limit.

Important - If you configure a limit, you must stop and start the acceleration for this change to take effect. Run the fwaccel off command and then the fwaccel on command.

-m <Seconds>

Configures the timeout for entries in the SecureXL templates database.

Valid values are:

0 - To disable the timeout (this is the default).
Between 10 and 524288 - To configure the timeout.

-p {on | off}

Configures the offload of Connection Templates (if possible):

on - Enables the offload of new templates (this is the default).
off - Disables the offload of new templates.

-r <Number>

Configures the maximal number of retries for SecureXL API calls.

-v <Seconds>

Configures the interval between SecureXL statistics request.

Valid values are:

0 - To disable the interval.
1 and greater - To configure the interval.

-w {on | off}

Configures the support for warnings about the IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). protection Sequence Verifier:

on - Enable the support for these warnings.
off - Disables the support for these warnings.