fwaccel off

Description

The fwaccel off and fwaccel6 off commands stop SecureXL on-the-fly.

Starting from R80.20, you can stop SecureXL only temporarily. SecureXL starts automatically when you start Check Point services (with the cpstart command), or reboot the Security Gateway.

Important:

  • Disable SecureXL only for debug purposes, if Check Point Support explicitly instructs you to do so.

  • If you disable SecureXL, this change does not survive reboot.

    SecureXL remains disabled until you enable it again on-the-fly, or reboot the Security Gateway.

  • If you disable SecureXL, this change applies only to new connections that arrive after you disable the acceleration.

    SecureXL continues to accelerate the connections that are already accelerated.

    Other non-connection oriented processing continues to function (for example, virtual defragmentation, VPN decrypt).

  • On a VSX Gateway:

    • If you wish to stop the acceleration only for a specific Virtual System, go to the context of that Virtual System.

      In Gaia Clish, run: set virtual-system <VSID>

      In Expert mode, run: vsenv <VSID>

    • If you wish to stop the acceleration for all Virtual Systems, you must use the "-a" parameter.

      In this case, it does not matter from which Virtual System context you run this command.

  • In a Cluster, you must configure all the Cluster Members in the same way.

Syntax for IPv4

fwaccel off [-a] [-q]

Syntax for IPv6

fwaccel6 off [-a] [-q]

Parameters

Parameter   Description

-a          On a VSX Gateway, stops acceleration on all Virtual Systems.

-q          Suppresses the output (does not show a returned output).

Possible returned output

  • SecureXL device disabled

  • SecureXL device is not active

  • Failed to disable SecureXL device

  • fwaccel_off: failed to set process context <VSID>

Example 1 - Output from a non-VSX Gateway

[Expert@MyGW:0]# fwaccel off
SecureXL device disabled.
[Expert@MyGW:0]#

Example 2 - Output from a VSX Gateway for a specific Virtual System

[Expert@MyVSXGW:1]# vsx stat -v
VSX Gateway Status
==================
Name:            VSX2_192.168.3.242
Access Control Policy: VSX_GW_VSX
Installed at:    17Sep2018 13:17:14
Threat Prevention Policy: <No Policy> 
SIC Status:      Trust
 
Number of Virtual Systems allowed by license:          25
Virtual Systems [active / configured]:                  2 / 2
Virtual Routers and Switches [active / configured]:     0 / 0
Total connections [current / limit]:                    4 / 44700
 
Virtual Devices Status
======================
 
 ID  | Type & Name         | Access Control Policy | Installed at    | Threat Prevention Policy | SIC Stat
-----+---------------------+-----------------------+-----------------+--------------------------+---------
   1 | S VS1               | VS1_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
   2 | S VS2               | VS2_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
 
Type: S - Virtual System, B - Virtual System in Bridge mode,
      R - Virtual Router, W - Virtual Switch.
 
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# vsenv 1
Context is set to Virtual Device VS1 (ID 1).
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# fwaccel stat -t
+-----------------------------------------------------------------------------+
|Id|Name |Status     |Interfaces               |Features                      |
+-----------------------------------------------------------------------------+
|0 |SND  |enabled    |eth1,eth2,eth3           |Acceleration,Cryptography     |
+-----------------------------------------------------------------------------+
 
[Expert@MyVSXGW:1]#
 
[Expert@MyVSXGW:1]# fwaccel off
SecureXL device disabled. (Virtual ID 1)
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# fwaccel stat -t
+-----------------------------------------------------------------------------+
|Id|Name |Status     |Interfaces               |Features                      |
+-----------------------------------------------------------------------------+
|0 |SND  |disabled   |eth1,eth2,eth3           |Acceleration,Cryptography     |
+-----------------------------------------------------------------------------+
 
[Expert@MyVSXGW:1]#

Example 3 - Output from a VSX Gateway for all Virtual Systems

[Expert@MyVSXGW:1]# vsx stat -v
VSX Gateway Status
==================
Name:            VSX2_192.168.3.242
Access Control Policy: VSX_GW_VSX
Installed at:    17Sep2018 13:17:14
Threat Prevention Policy: <No Policy> 
SIC Status:      Trust
 
Number of Virtual Systems allowed by license:          25
Virtual Systems [active / configured]:                  2 / 2
Virtual Routers and Switches [active / configured]:     0 / 0
Total connections [current / limit]:                    4 / 44700
 
Virtual Devices Status
======================
 
 ID  | Type & Name         | Access Control Policy | Installed at    | Threat Prevention Policy | SIC Stat
-----+---------------------+-----------------------+-----------------+--------------------------+---------
   1 | S VS1               | VS1_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
   2 | S VS2               | VS2_Policy            | 17Sep2018 12:47 | <No Policy>              | Trust
 
Type: S - Virtual System, B - Virtual System in Bridge mode,
      R - Virtual Router, W - Virtual Switch.
 
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# vsenv 1
Context is set to Virtual Device VS1 (ID 1).
[Expert@MyVSXGW:1]#
[Expert@MyVSXGW:1]# fwaccel off -a
SecureXL device disabled. (Virtual ID 0)
SecureXL device disabled. (Virtual ID 1)
SecureXL device disabled. (Virtual ID 2)
[Expert@MyVSXGW:1]#
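
Added example (not part of the original Check Point documentation): a POSIX shell check for use after a debug session. It parses the fwaccel stat -t table format shown in Example 2 to report whether SecureXL was left disabled and whether all Cluster Members report the same state. The function names and sample variables are hypothetical, and the sample tables are constructed from Example 2 with the border lines shortened.

```shell
#!/bin/sh
# Added example, not Check Point code. Function and variable names are hypothetical.
# Constructed samples: the "fwaccel stat -t" tables from Example 2, borders shortened.
SAMPLE_BEFORE='+------+
|Id|Name |Status     |Interfaces               |Features                      |
+------+
|0 |SND  |enabled    |eth1,eth2,eth3           |Acceleration,Cryptography     |
+------+'
SAMPLE_AFTER=$(printf '%s\n' "$SAMPLE_BEFORE" | sed 's/|enabled    |/|disabled   |/')

# Read "fwaccel stat -t" output on stdin; print "<Id> <Name> <Status>" per data row.
# Data rows start with "|" and a numeric Id, so the header and borders are skipped.
securexl_status() {
    awk -F'|' '/^[|][0-9]+ *[|]/ {
        id = $2; name = $3; status = $4
        gsub(/ /, "", id); gsub(/ /, "", name); gsub(/ /, "", status)
        print id, name, status
    }'
}

# Exit 0 if any instance is not "enabled", 1 if all are enabled,
# 2 if no table row was found (the output could not be interpreted).
securexl_left_disabled() {
    securexl_status | awk '$3 != "enabled" { found = 1 }
        END { if (NR == 0) exit 2; exit !found }'
}

# Each argument is the captured "fwaccel stat -t" output of one Cluster Member.
# Exit 0 only when every member reports the same per-instance status.
members_agree() {
    first=$(printf '%s\n' "$1" | securexl_status)
    for out in "$@"; do
        [ "$(printf '%s\n' "$out" | securexl_status)" = "$first" ] || return 1
    done
    return 0
}

# Demonstration on the constructed samples.
if printf '%s\n' "$SAMPLE_AFTER" | securexl_left_disabled; then
    echo "SecureXL is still disabled on this member"
fi
if ! members_agree "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; then
    echo "Cluster Members report different SecureXL states"
fi
```

On a VSX Gateway, collect the fwaccel stat -t output in the context of each Virtual System, because the status applies per Virtual System.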