Firewall Kernel Parameters

To change the internal default behavior of Firewall or to configure special advanced settings for Firewall, you can use Firewall kernel parameters.

The names of applicable Firewall kernel parameters and their values appear in various SK articles in Check Point Support Center, and provided by Check Point Support.

Important:

  • The names of Firewall kernel parameters are case-sensitive.

  • You can configure most of the Firewall kernel parameters on-the-fly with the "fw ctl set" command.

    This change does not survive a reboot.

    You can use the "fw ctl set -f" command to make this change permanent as well.

  • You can configure some of the Firewall kernel parameters only permanently in the special configuration file $FWDIR/boot/modules/fwkern.conf command.

    This requires a maintenance window, because the new values of the kernel parameters take effect only after a reboot.

  • You can configure some of the Firewall kernel parameters only permanently in the special configuration files - $FWDIR/boot/modules/fwkern.conf or $FWDIR/boot/modules/vpnkern.conf.

    You must manually edit these files.

    This requires a maintenance window, because the new values of the kernel parameters take effect only after a reboot.

  • In a ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., you must configure all the Cluster Members in the same way.

  • On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

Working with Integer Kernel Parameters

Working with String Kernel Parameters