R81.10 Performance Tuning Administration Guide

CoreXL Firewall Mode - User Space or Kernel Space

Kernel Space Firewall (KSFW) is the infrastructure in which CoreXL Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. Firewall instances run in the kernel.

User Space Firewall (USFW) is the infrastructure in which CoreXL Firewall instances run in the user space. This mode is available from R80.30 with Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. kernel 3.10.

Important - For the complete information about the User Space Firewall (USFW) mode, see sk167052.

To change the Firewall Mode:

Step

Instructions

1

Connect to the command line on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / each Cluster Member Security Gateway that is part of a cluster..

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group A logical group of Security Appliances (in Maestro) / Security Gateway Modules (on Scalable Chassis) that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances / Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. In Maestro, each Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected..

2

Log in to Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). or Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators and for Security Gateway Modules on Scalable Chassis. Commands you run in this shell apply to all Security Gateway Module / Security Appliances in the Security Group. or the Expert mode.

3

Run:

cpconfig

4

Enter the number of the Check Point CoreXL option.

5

Enter 3 to select Change firewall mode.

6

Follow the instructions on the screen.

7

Exit from the cpconfig menu.

8

Reboot.

On the Security Gateway (each Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Member), run:

reboot

On the Scalable Platform Security Group, run in Gaia gClish:

reboot

On the Scalable Platform Security Group, run in the Expert mode:

g_reboot -a

17 March 2024

© 2021 - 2024 Check Point Software Technologies Ltd.