fwboot bootconf

Description

Configures boot security options.

Notes:

  • You must run this command from the Expert mode.

  • The settings are saved in the $FWDIR/boot/boot.conf file.

    Warning - To avoid issues, do not edit the $FWDIR/boot/boot.conf file manually. Edit the file only with this command.

  • Refer to these related commands:

Syntax to show the current boot security options

[Expert@HostName:0]# $FWDIR/boot/fwboot bootconf

      get_corexl

      get_core_override

      get_def

      get_ipf

      get_ipv6

      get_kernnum

      get_kern6num

Syntax to configure the boot security options

[Expert@HostName:0]# $FWDIR/boot/fwboot bootconf

      set_corexl {0 | 1}

      set_core_override <number>

      set_def [</path/filename>]

      set_ipf {0 | 1}

      set_ipv6 {0 | 1}

      set_kernnum <number>

      set_kern6num <number>

Parameters

Parameter

Description

No Parameters

Shows the built-in help with available parameters.

get_corexl

Shows if the CoreXL is enabled or disabled:

  • 0 - disabled

  • 1 - enabled

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the COREXL_INSTALLED.

get_core_override

Shows the number of overriding CPU cores.

The SMT (HyperThreading) feature (sk93000) uses this configuration to set the number of CPU cores after reboot.

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the CORE_OVERRIDE.

get_def

Shows the configured path and the name of the Default Filter policy file (default is $FWDIR/boot/default.bin).

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the DEFAULT_FILTER_PATH.

get_ipf

Shows if the IP Forwarding during boot is enabled or disabled:

  • 0 - disabled (Security Gateway does not forward traffic between its interfaces during boot)

  • 1 - enabled

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the CTL_IPFORWARDING.

get_ipv6

Shows if the IPv6 support is enabled or disabled:

  • 0 - disabled

  • 1 - enabled

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the IPV6_INSTALLED.

get_kernnum

Shows the configured number of IPv4 CoreXL Firewall instances.

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the KERN_INSTANCE_NUM.

get_kern6num

Shows the configured number of IPv6 CoreXL Firewall instances.

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the KERN6_INSTANCE_NUM.

set_corexl {0 | 1}

Enables or disables CoreXL:

  • 0 - disables

  • 1 - enables

Notes:

  • In the $FWDIR/boot/boot.conf file, refer to the value of the COREXL_INSTALLED.

  • To configure CoreXL, use the cpconfig menu.

set_core_override <number>

Configures the number of overriding CPU cores.

The SMT (HyperThreading) feature (sk93000) uses this configuration to set the number of CPU cores after reboot.

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the CORE_OVERRIDE.

set_def [</path/filename>]

Configures the path and the name of the Default Filter policy file (default is $FWDIR/boot/default.bin).

Notes:

  • In the $FWDIR/boot/boot.conf file, refer to the value of the DEFAULT_FILTER_PATH.

  • If you do not specify the path and the name explicitly, then the value of the DEFAULT_FILTER_PATH is set to 0.

    As a result, Security Gateway does not load a Default Filter during boot.

Best Practice - The best location for this file is the $FWDIR/boot/ directory.

set_ipf {0 | 1}

Configures the IP forwarding during boot:

  • 0 - disables (forbids the Security Gateway to forward traffic between its interfaces during boot)

  • 1 - enables

Note - In the $FWDIR/boot/boot.conf file, refer to the value of the CTL_IPFORWARDING.

set_ipv6 {0 | 1}

Enables or disables the IPv6 Support:

  • 0 - disables

  • 1 - enables

Notes:

  • In the $FWDIR/boot/boot.conf file, refer to the value of the IPV6_INSTALLED.

  • Configure the IPv6 Support in Gaia Portal, or Gaia Clish. See the R81 Gaia Administration Guide.

set_kernnum <number>

Configures the number of IPv4 CoreXL Firewall instances.

Notes:

  • In the $FWDIR/boot/boot.conf file, refer to the value of the KERN_INSTANCE_NUM.

  • To configure CoreXL, use the cpconfig menu.

set_kern6num <number>

Configures the number of IPv6 CoreXL Firewall instances.

Notes:

  • In the $FWDIR/boot/boot.conf file, refer to the value of the KERN6_INSTANCE_NUM.

  • To configure CoreXL, use the cpconfig menu.