fwaccel off

Description

The fwaccel off and fwaccel6 off commands stop the SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. on-the-fly.

Starting from R80.20, you can stop the SecureXL only temporarily. The SecureXL starts automatically when you start Check Point services (with the cpstart command), or reboot the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

Important:

Disable the SecureXL only for debug purposes, if Check Point Support explicitly instructs you to do so.
If you disable the SecureXL, this change does not survive reboot.

SecureXL remains disabled until you enable it again on-the-fly, or reboot the Security Gateway.
If you disable the SecureXL, this change applies only to new connections that arrive after you disable the acceleration.

SecureXL continues to accelerate the connections that are already accelerated.

Other non-connection oriented processing continues to function (for example, virtual defragmentation, VPN decrypt).
On a VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0.:
- If you wish to stop the acceleration only for a specific Virtual System, go to the context of that Virtual System.
  
  In Gaia Clish The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell)., run: set virtual-system <VSID>
  
  In Expert mode, run: vsenv <VSID>
- If you wish to stop the acceleration for all Virtual Systems, you must use the "-a" parameter.
  
  In this case, it does not matter from which Virtual System context you run this command.
In a Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., you must configure all the Cluster Members in the same way.

Syntax for IPv4

fwaccel off [-a] [-q]

Syntax for IPv6

fwaccel6 off [-a] [-q]

Parameters

Parameter	Description
`-a`	On a VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Gateway, stops acceleration on all Virtual Systems.
`-q`	Suppresses the output (does not show a returned output).

Possible returned output

SecureXL device disabled
SecureXL device is not active
Failed to disable SecureXL device
fwaccel_off: failed to set process context <VSID>

Example 1 - Output from a non-VSX Gateway

[Expert@MyGW:0]# fwaccel off

SecureXL device disabled.

[Expert@MyGW:0]#

Example 2 - Output from a VSX Gateway for a specific Virtual System

[Expert@MyVSXGW:1]# vsx stat -v
VSX Gateway Status
==================
Name:            VSX2_192.168.3.242
Access Control Policy: VSX_GW_VSX
Installed at:    17Sep2018 13:17:14
Threat Prevention Policy: <No Policy> 
SIC Status:      Trust
 
Number of Virtual Systems allowed by license:          25
Virtual Systems [active / configured]:                  2 / 2
Virtual Routers and Switches [active / configured]:     0 / 0
Total connections [current / limit]:                    4 / 44700
 
Virtual Devices Status
======================
 
 ID  | Type &amp; Name     | Access Control Policy | Installed at    | Threat Prevention Policy | SIC Stat
-----+---------------------+-----------------------+-----------------+--------------------------+---------
   1 | S VS1               | VS1_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
   2 | S VS2               | VS2_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
 
Type: S - Virtual System, B - Virtual System in Bridge mode,
      R - Virtual Router, W - Virtual Switch.
 
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# vsenv 1
Context is set to Virtual Device VS1 (ID 1).
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# fwaccel stat
+---------------------------------------------------------------------------------+
|Id|Name     |Status     |Interfaces               |Features                      |
+---------------------------------------------------------------------------------+
|0 |KPPAK    |enabled    |eth1,eth2,eth3           |Acceleration,Cryptography     |
|  |         |           |                         |                              |
|  |         |           |                         |Crypto: Tunnel,UDPEncap,MD5,  |
|  |         |           |                         |SHA1,3DES,DES,AES-128,AES-256,|
|  |         |           |                         |ESP,LinkSelection,DynamicVPN, |
|  |         |           |                         |NatTraversal,AES-XCBC,SHA256, |
|  |         |           |                         |SHA384,SHA512                 |
+---------------------------------------------------------------------------------+
 
Accept Templates : enabled
Drop Templates   : disabled
NAT Templates    : enabled
LightSpeed Accel : disabled
[Expert@MyVSXGW:1]#
 
[Expert@MyVSXGW:1]# fwaccel off
SecureXL device disabled. (Virtual ID 1)
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# fwaccel stat
+---------------------------------------------------------------------------------+
|Id|Name     |Status     |Interfaces               |Features                      |
+---------------------------------------------------------------------------------+
|0 |KPPAK    |disabled   |eth1,eth2,eth3           |Acceleration,Cryptography     |
|  |         |           |                         |                              |
|  |         |           |                         |Crypto: Tunnel,UDPEncap,MD5,  |
|  |         |           |                         |SHA1,3DES,DES,AES-128,AES-256,|
|  |         |           |                         |ESP,LinkSelection,DynamicVPN, |
|  |         |           |                         |NatTraversal,AES-XCBC,SHA256, |
|  |         |           |                         |SHA384,SHA512                 |
+---------------------------------------------------------------------------------+
 
Accept Templates : enabled
Drop Templates   : disabled
NAT Templates    : enabled
LightSpeed Accel : disabled
[Expert@MyVSXGW:1]#

Example 3 - Output from a VSX Gateway for all Virtual Systems

[Expert@MyVSXGW:1]# vsx stat -v
VSX Gateway Status
==================
Name:            VSX2_192.168.3.242
Access Control Policy: VSX_GW_VSX
Installed at:    17Sep2018 13:17:14
Threat Prevention Policy: <No Policy> 
SIC Status:      Trust
 
Number of Virtual Systems allowed by license:          25
Virtual Systems [active / configured]:                  2 / 2
Virtual Routers and Switches [active / configured]:     0 / 0
Total connections [current / limit]:                    4 / 44700
 
Virtual Devices Status
======================
 
 ID  | Type &amp; Name     | Access Control Policy | Installed at    | Threat Prevention Policy | SIC Stat
-----+---------------------+-----------------------+-----------------+--------------------------+---------
   1 | S VS1               | VS1_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
   2 | S VS2               | VS2_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
 
Type: S - Virtual System, B - Virtual System in Bridge mode,
      R - Virtual Router, W - Virtual Switch.
 
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# vsenv 1
Context is set to Virtual Device VS1 (ID 1).
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# fwaccel off -a
SecureXL device disabled. (Virtual ID 0)
SecureXL device disabled. (Virtual ID 1)
SecureXL device disabled. (Virtual ID 2)
[Expert@MyVSXGW:1]#