fwaccel cfg

Description

The fwaccel cfg command controls the SecureXL acceleration parameters.

Important - In a Cluster, you must configure all the Cluster Members in the same way.

Syntax

fwaccel cfg

      -h

      -a {<Number of Interface> | <Name of Interface> | reset}

      -b {on | off}

      -c <Number>

      -d <Number>

      -e <Number>

      -i {on | off}

      -l <Number>

      -m <Seconds>

      -p {on | off}

      -r <Number>

      -v <Seconds>

      -w {on | off}

Important:

  • These commands do not provide output. You cannot see the currently configured values.

  • Changes made with these commands do not survive reboot.

Parameters

Parameter

Description

-h

Shows the applicable built-in help.

-a <Number of Interface>

-a <Name of Interface>

-a reset

  • -a <Number of Interface>

    Configures the SecureXL not to accelerate traffic on the interface specified by its internal number in Check Point kernel.

  • -a <Name of Interface>

    Configures the SecureXL not to accelerate traffic on the interface specified by its name.

  • -a reset

    Configures the SecureXL to accelerate traffic on all interfaces (resets the non-accelerated configuration).

Notes:

  • This command does not support Falcon Acceleration Cards.

  • To see the required information about the interfaces, run these commands in the specified order:

    fw getifs

    fw ctl iflist

  • To see if the "fwaccel cfg -a ..." command failed, run this command:

    tail -n 10 /var/log/messages

-b {on | off}

Controls the SecureXL Drop Templates match (sk66402):

  • on - Enables the SecureXL Drop Templates match

  • off - Disables the SecureXL Drop Templates match

Note - In R81, SecureXL does not support this parameter yet..

-c <Number>

Configures the maximal number of connections, when SecureXL disables the templates.

-d <Number>

Configures the maximal number of delete retries.

-e <Number>

Configures the maximal number of general errors.

-i {on | off}

Configures SecureXL to ignore API version mismatch:

  • on - Ignore API version mismatch.

  • off - Do not ignore API version mismatch (this is the default).

-l <Number>

Configures the maximal number of entries in the SecureXL templates database.

Valid values are:

  • 0 - To disable the limit (this is the default).

  • Between 10 and 524288 - To configure the limit.

Important - If you configure a limit, you must stop and start the acceleration for this change to take effect. Run the fwaccel off command and then the fwaccel on command.

-m <Seconds>

Configures the timeout for entries in the SecureXL templates database.

Valid values are:

  • 0 - To disable the timeout (this is the default).

  • Between 10 and 524288 - To configure the timeout.

-p {on | off}

Configures the offload of Connection Templates (if possible):

  • on - Enables the offload of new templates (this is the default).

  • off - Disables the offload of new templates.

-r <Number>

Configures the maximal number of retries for SecureXL API calls.

-v <Seconds>

Configures the interval between SecureXL statistics request.

Valid values are:

  • 0 - To disable the interval.

  • 1 and greater - To configure the interval.

-w {on | off}

Configures the support for warnings about the IPS protection Sequence Verifier:

  • on - Enable the support for these warnings.

  • off - Disables the support for these warnings.