fw ctl set

Description

Configures the specified value for the specified kernel parameter.

Important:

  • In a Cluster, you must configure all the Cluster Members in the same way.

  • In VSX Gateway, the configured values of kernel parameters apply to all existing Virtual Systems and Virtual Routers.

  • The configuration made with this command without the "-f" flag does not survive reboot.

    To make this configuration permanent, you must edit one of the applicable configuration files:

    • $FWDIR/boot/modules/fwkern.conf

    • $FWDIR/boot/modules/vpnkern.conf

    • $PPKDIR/conf/simkern.conf

  • For complete procedures, see Working with Kernel Parameters on Security Gateway.

Notes:

  • Kernel parameters control the advanced behavior of your Security Gateway.

  • There are two types of kernel parameters - integer and string.

  • Security Gateway gets the names and the default values of the kernel parameters from these kernel module files:

    • $FWDIR/boot/modules/fw_kern_64_3_10_64.o

    • $FWDIR/boot/modules/fw_kern_64_3_10_64_v6.o

    • $FWDIR/boot/modules/fw_kern_64_3_10_64_sp.o

    • $FWDIR/boot/modules/fw_kern_64_3_10_64_sp_v6.o

    • $PPKDIR/boot/modules/adp_kern_64_3_10_64.o

    • $PPKDIR/boot/modules/sim_kern_64_3_10_64.o

    • $PPKDIR/boot/modules/sim_kern_64_3_10_64_v6.o

  • Refer to the related command fw ctl get.

  • Refer to the related article sk33156: Creating a file with all the kernel parameters and their values

Syntax on a Security Gateway / Cluster Member in Gaia Clish or the Expert mode

fw [-d] ctl set [-f] int <Name of Integer Kernel Parameter> <Integer Value>

fw [-d] ctl set [-f] str <Name of String Kernel Parameter> '<String Value>'

Syntax on a Scalable Platform Security Group in the Expert mode

On Scalable Platforms (Maestro and Chassis), you must run the applicable commands in the Expert mode on the applicable Security Group.

  • To make the change only in the current session (does not survive reboot):

    g_fw [-d] ctl set int <Name of Integer Kernel Parameter> <Integer Value>

    g_fw [-d] ctl set str <Name of String Kernel Parameter> '<String Value>'

  • To make the change that survives reboot:

    g_update_conf_file <Path to File> <Name of Integer Kernel Parameter>=<Integer Value>

    g_update_conf_file <Path to File> <Name of String Kernel Parameter>='<String Value>'

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

-f

Automatically makes the required changes in the corresponding configuration file to survive reboot:

  • $FWDIR/boot/modules/fwkern.conf

  • $FWDIR/boot/modules/vpnkern.conf

  • $PPKDIR/conf/simkern.conf

This flag does not apply to Scalable Platforms.

<Name of Integer Kernel Parameter>

Specifies the name of the integer kernel parameter.

<Integer Value>

Specifies the integer value for the integer kernel parameter.

<Name of String Kernel Parameter>

Specifies the name of the string kernel parameter.

'<String Value>'

Specifies the string value for the string kernel parameter.

<Path to File>

Specifies the path to the configuration file on Scalable Platforms:

  • $FWDIR/boot/modules/fwkern.conf

  • $FWDIR/boot/modules/vpnkern.conf

  • $PPKDIR/conf/simkern.conf

Example for an integer kernel parameter (does not survive reboot)

[Expert@MyGW:0]# fw ctl get int fw_kdprintf_limit

fw_kdprintf_limit = 100

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl set int fw_kdprintf_limit 50

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl get int fw_kdprintf_limit

fw_kdprintf_limit = 50

[Expert@MyGW:0]#

Example for an integer kernel parameter (survives reboot)

[Expert@MyGW:0]# fw ctl get int fw_kdprintf_limit

fw_kdprintf_limit = 100

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl set -f int fw_kdprintf_limit 50

"fwkern.conf" was updated successfully

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl get int fw_kdprintf_limit

fw_kdprintf_limit = 50

[Expert@MyGW:0]#

Example for a string kernel parameter

[Expert@MyGW:0]# fw ctl set str icap_unwrap_append_header_str '__print__'

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl get str icap_unwrap_append_header_str

icap_unwrap_append_header_str = '__print__'

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl set str icap_unwrap_append_header_str ''

[Expert@MyGW:0]#

[Expert@MyGW:0]# fw ctl get str icap_unwrap_append_header_str

icap_unwrap_append_header_str = ''

[Expert@MyGW:0]#