fwaccel templates

Description

The fwaccel templates and fwaccel6 templates commands show the contents of the SecureXL templates tables:

  • Accept Templates

  • Drop Templates

    Important - By default, the Drop Templates are disabled.

    To enable the Drop Templates:

    1. In SmartConsole, open the Security Gateway / Cluster object.

    2. In the left tree, click the Optimizations pane.

    3. Select Enable drop optimization.

    4. Click OK.

    5. Install the Access Control policy.

Important - Based on the number of current templates, these commands can consume memory at very high level.

Syntax for IPv4

fwaccel templates

      [-h]

      [-d]

      [-m <Number of Rows>]

      [-s]

      [-S]

Syntax for IPv6

fwaccel6 templates

      [-h]

      [-d]

      [-m <Number of Rows>]

      [-s]

      [-S]

Parameters

Parameter

Description

No Parameters

Shows the contents of the SecureXL Accept Templates table (Table Name - cphwd_tmpl, Table ID - 8111).

-h

Shows the applicable built-in usage.

-d

Shows the contents of the SecureXL Drop Templates table.

-m <Number of Rows>

Specifies how many rows to show from the templates table.

Note - The command counts from the top of the table.

Default : 1000

-s

Shows the summary of SecureXL Connections Templates (number of templates)

-S

Shows statistics for the SecureXL Connections Templates.

Accept Templates flags

One or more of these flags appears in the output:

Flag

Description

A

Connection is accounted (SecureXL counts the number of packets and bytes).

B

Connection is created for a rule that contains an Identity Awareness object, or for a rule below that rule.

E

Connection is created for a NAT rule that contains an Identity Awareness object.

I

Identity Awareness (NAC) is enabled for this connection.

M

Connection is created for a rule that contains a Domain object, or for a rule below that rule.

N

Connection undergoes NAT.

O

Connection is created for a rule that contains a Dynamic object, or for a rule below that rule.

Q

QoS is enabled for this connection.

R

Connection is created for a rule that contains a Traceroute object, or for a rule below that rule.

S

PXL (combination of SecureXL and PSL (Passive Streaming Library)) is enabled for this connection.

T

Connection is created for a rule that contains a Time object, or for a rule below that rule.

U

Connection is unidirectional.

X

Connection is created for a NAT rule that contains a translated Dynamic object.

Z

Connection is created for a rule that contains a Security Zone object, or for a rule below that rule.

Drop Templates flags

One or more of these flags appears in the output:

Flag

Description

D

Drop template exists for this connection.

L

Log and Drop action for this connection.

Examples

[Expert@MyGW:0]# fwaccel templates
Source          SPort Destination     DPort PR Flags         LCT  DLY C2S i/f S2C i/f
--------------- ----- --------------- ----- -- ------------  ---- --- ------- -------
192.168.10.20       * 192.168.10.50      80  6            0     0   0 eth5/eth1 eth1/eth5
[Expert@MyGW:0]#
 
[Expert@MyGW:0]# fwaccel templates -d
The SecureXL drop templates table is empty
[Expert@MyGW:0]#
 
[Expert@MyGW:0]# fwaccel templates -s
Total number of templates: 1
[Expert@MyGW:0]#
 
[Expert@MyGW:0]# fwaccel templates -S
 
Templates stats:
 
 Name                     Value           Name                     Value
--------------------     ------------    --------------------     ------------
C templates                         0    conns from templates                0
nat templates                       0    conns from nat tmpl                 0
C CPASXL templates                  0    C PSLXL templates                   0
C used templates                    0    cpasxl tmpl conns                   0
pslxl tmpl conns                    0    C conns from tmpl                   0
 
[Expert@MyGW:0]#