Firewall Kernel Parameters

To change the internal default behavior of Firewall or to configure special advanced settings for Firewall, you can use Firewall kernel parameters.

The names of applicable Firewall kernel parameters and their values appear in various SK articles in Check Point Support Center, and provided by Check Point Support.

Important:

  • The names of Firewall kernel parameters are case-sensitive.

  • You can configure most of the Firewall kernel parameters on-the-fly with the "fw ctl set" command.

    This change does not survive a reboot.

    You can use the "fw ctl set -f" command to make this change permanent as well.

  • You can configure some of the Firewall kernel parameters only permanently in the special configuration file $FWDIR/boot/modules/fwkern.conf command.

    This requires a maintenance window, because the new values of the kernel parameters take effect only after a reboot.

  • You can configure some of the Firewall kernel parameters only permanently in the special configuration files - $FWDIR/boot/modules/fwkern.conf or $FWDIR/boot/modules/vpnkern.conf.

    You must manually edit these files.

    This requires a maintenance window, because the new values of the kernel parameters take effect only after a reboot.

  • In a ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing., you must configure all the Cluster Members in the same way.

  • On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

Type

Name

Integer

fw_allow_simultaneous_ping

fw_kdprintf_limit

fw_log_bufsize

send_buf_limit

String

simple_debug_filter_addr_1

simple_debug_filter_daddr_1

simple_debug_filter_vpn_1

ws_debug_ip_str

fw_lsp_pair1

Working with Integer Kernel Parameters

Step

Instructions

1

Connect to the command line on your Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. / each Cluster MemberClosed Security Gateway that is part of a cluster..

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to the Expert mode.

3

Make sure you can get the list of the available integer kernel parameters and their values without errors:

Note - The configuration of your Security Gateway might not support all kernel parameters. As a result, the Security Gateway might fail to get the value of some kernel parameters.

modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':int param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get int

4

If in the previous step there were no errors, get the list of the available integer kernel parameters and their values, and save the list to a file:

modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':int param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get int 1>> /var/log/fw_integer_kernel_parameters.txt 2>> /var/log/fw_integer_kernel_parameters.txt

5

Analyze the output file:

/var/log/fw_integer_kernel_parameters.txt

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to Gaia ClishClosed The name of the default command line shell in Check Point Gaia operating system. This is a restricted shell (role-based administration controls the number of commands available in the shell). or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. gClish or the Expert mode.

3

Get the current value of an integer kernel parameter:

  • On the Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl get int <Name of Integer Kernel Parameter> [-a]

  • On the Scalable Platform Security Group, run in Gaia gClish:

    fw ctl get int <Name of Integer Kernel Parameter> [-a]

  • On the Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl get int <Name of Integer Kernel Parameter> [-a]

Example:

[Expert@MyGW:0]# fw ctl get int send_buf_limit
send_buf_limit = 80
[Expert@MyGW:0]#

Important - This change does not survive reboot.

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to Gaia Clish or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish or the Expert mode.

3

Configure the new value for an integer kernel parameter:

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl set int <Name of Integer Kernel Parameter> <Integer Value>

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl set int <Name of Integer Kernel Parameter> <Integer Value>

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl set int <Name of Integer Kernel Parameter> <Integer Value>

Example:

[Expert@MyGW:0]# fw ctl set int send_buf_limit 100
Set operation succeeded
[Expert@MyGW:0]#

4

Make sure the new value is configured.

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl get int <Name of Integer Kernel Parameter>

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl get int <Name of Integer Kernel Parameter>

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl get int <Name of Integer Kernel Parameter>

Example:

[Expert@MyGW:0]# fw ctl get int send_buf_limit
send_buf_limit = 100
[Expert@MyGW:0]#

To make a kernel parameter configuration permanent (to survive reboot), you must edit one of the applicable configuration files:

  • For Firewall kernel parameters:

    $FWDIR/boot/modules/fwkern.conf

  • For VPN kernel parameters:

    $FWDIR/boot/modules/vpnkern.conf

The exact parameters appear in various SK articles in Check Point Support Center, and provided by Check Point Support.

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to the Expert mode.

3

Back up the current configuration file, if it exists:

  • On the Security Gateway (each Cluster Member), run:

    cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}

  • On the Scalable Platform Security Group, run:

    g_cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}

4

Configure the required Firewall kernel parameter with the assigned value in the exact format specified below.

  • On the Security Gateway (each Cluster Member), run:

    fw ctl set -f int <Name_of_Integer_Kernel_Parameter> <Integer_Value>

  • On the Scalable Platform Security Group, run one of these commands:

    g_fw ctl set -f int <Name_of_Integer_Kernel_Parameter> <Integer_Value>

    g_update_conf_file fwkern.conf <Name_of_Integer_Kernel_Parameter>=<Integer_Value>

Example:

[Expert@MyGW:0]# fw ctl set -f int send_buf_limit 100
"fwkern.conf" was updated successfully
[Expert@MyGW:0]#

[Expert@MyGW:0]# g_update_conf_file fwkern.conf send_buf_limit=100
"fwkern.conf" was updated successfully
[Expert@MyGW:0]#

5

Examine the configuration file.

  • On the Security Gateway (each Cluster Member), run:

    cat $FWDIR/boot/modules/fwkern.conf

  • On the Scalable Platform Security Group, run:

    g_cat $FWDIR/boot/modules/fwkern.conf

6

Reboot.

  • On the Security Gateway / Cluster Member, run:

    reboot

    Important - In cluster, this can cause a failover.

  • On the Scalable Platform Security Group, run:

    g_reboot -a

7

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

8

Log in to Gaia Clish or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish or the Expert mode.

9

Make sure the new value of the kernel parameter is configured.

  • On a Security Gateway / each Cluster Member, run:

    fw ctl get int <Name of Integer Kernel Parameter> [-a]

  • On a Scalable Platform Security Group, run:

    g_fw ctl get int <Name of Integer Kernel Parameter> [-a]

For more information, see sk26202: Changing the kernel global parameters for Check Point Security Gateway.

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to the Expert mode.

3

See if the configuration file already exists.

  • On a Security Gateway / each Cluster Member:

    • For Firewall kernel parameters, run:

      ls -l $FWDIR/boot/modules/fwkern.conf

    • For VPN kernel parameters, run:

      ls -l $FWDIR/boot/modules/vpnkern.conf

  • On a Scalable Platform Security Group:

    • For Firewall kernel parameters, run:

      g_ls -l $FWDIR/boot/modules/fwkern.conf

    • For VPN kernel parameters, run:

      g_ls -l $FWDIR/boot/modules/vpnkern.conf

4

If this file already exists, skip to Step 5.

If this file does not exist, then create it manually and then skip to Step 6.

  • On a Security Gateway / each Cluster Member:

    • For Firewall kernel parameters, run:

      touch $FWDIR/boot/modules/fwkern.conf

    • For VPN kernel parameters, run:

      touch $FWDIR/boot/modules/fwkern.conf

  • On a Scalable Platform Security Group:

    • For Firewall kernel parameters, run:

      g_all touch $FWDIR/boot/modules/fwkern.conf

    • For VPN kernel parameters, run:

      g_all touch $FWDIR/boot/modules/vpnkern.conf

5

Back up the current configuration file.

  • On a Security Gateway / each Cluster Member:

    • For Firewall kernel parameters, run:

      cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}

    • For VPN kernel parameters, run:

      cp -v $FWDIR/boot/modules/vpnkern.conf{,_BKP}

  • On a Scalable Platform Security Group:

    • For Firewall kernel parameters, run:

      g_cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}

    • For VPN kernel parameters, run:

      g_cp -v $FWDIR/boot/modules/vpnkern.conf{,_BKP}

6

Edit the current configuration file.

The same syntax applies to the Security Gateway / each Cluster Member and the Scalable Platform Security Group:

  • For Firewall kernel parameters, run:

    vi $FWDIR/boot/modules/fwkern.conf

  • For VPN kernel parameters, run:

    vi $FWDIR/boot/modules/vpnkern.conf

7

Add the required Firewall kernel parameter with the assigned value in the exact format specified below.

Important - These configuration files do not support space characters, tabulation characters, and comments (lines that contain the # character).

<Name_of_Integer_Kernel_Parameter>=<Integer_Value>

8

Save the changes in the file and exit the editor.

9

On the Scalable Platform Security Group, copy the updated configuration file to all other Security Group Members:

  • For Firewall kernel parameters, run:

    asg_cp2blades $FWDIR/boot/modules/fwkern.conf

  • For VPN kernel parameters, run:

    asg_cp2blades $FWDIR/boot/modules/vpnkern.conf

10

Reboot.

  • On the Security Gateway / Cluster Member, run:

    reboot

    Important - In cluster, this can cause a failover.

  • On the Scalable Platform Security Group, run:

    g_reboot -a

11

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

12

Log in to Gaia Clish or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish or the Expert mode.

13

Make sure the new value of the kernel parameter is configured.

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl get int <Name of Integer Kernel Parameter> [-a]

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl get int <Name of Integer Kernel Parameter> [-a]

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl get int <Name of Integer Kernel Parameter> [-a]

Working with String Kernel Parameters

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to the Expert mode.

3

Make sure you can get the list of the available integer kernel parameters and their values without errors:

Note - The configuration of your Security Gateway might not support all kernel parameters. As a result, the Security Gateway might fail to get the value of some kernel parameters.

modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':string param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get str

4

If in the previous step there were no errors, get the list of the available string kernel parameters and their values, and save the list to a file:

modinfo -p $FWDIR/boot/modules/fw_kern*.o | sort -u | grep ':string param' | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -n 1 fw ctl get str 1>> /var/log/fw_string_kernel_parameters.txt 2>> /var/log/fw_string_kernel_parameters.txt

5

Analyze the output file:

/var/log/fw_string_kernel_parameters.txt

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to Gaia Clish or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish or the Expert mode.

3

Get the current value of a string kernel parameter:

  • On the Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl get str <Name of String Kernel Parameter> [-a]

  • On the Scalable Platform Security Group, run in Gaia gClish:

    fw ctl get str <Name of String Kernel Parameter> [-a]

  • On the Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl get str <Name of String Kernel Parameter> [-a]

Example:

[Expert@MyGW:0]# fw ctl get str fileapp_default_encoding_charset
fileapp_default_encoding_charset = 'UTF-8'
[Expert@MyGW:0]#

Important - This change does not survive reboot.

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to Gaia Clish or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish or the Expert mode.

3

Configure the new value for a string kernel parameter.

Note - You must write the value in single quotes, or double quotes. Use one of these syntax options.

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl set str <Name of String Kernel Parameter> '<String Text>'

    or

    fw ctl set str <Name of String Kernel Parameter> "<String Text>"

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl set str <Name of String Kernel Parameter> '<String Text>'

    or

    fw ctl set str <Name of String Kernel Parameter> "<String Text>"

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl set str <Name of String Kernel Parameter> '<String Text>'

    or

    g_fw ctl set str <Name of String Kernel Parameter> "<String Text>"

Example:

[Expert@MyGW:0]# fw ctl set str debug_filter_saddr_ip '1.1.1.1'
Set operation succeeded
[Expert@MyGW:0]#

4

Make sure the new value is configured.

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl get str <Name of String Kernel Parameter>

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl get str <Name of String Kernel Parameter>

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl get str <Name of String Kernel Parameter>

Example:

[Expert@MyGW:0]# fw ctl get str debug_filter_saddr_ip
debug_filter_saddr_ip = '1.1.1.1'
[Expert@MyGW:0]#

To make a kernel parameter configuration permanent (to survive reboot), you must edit one of the applicable configuration files:

  • For Firewall kernel parameters:

    $FWDIR/boot/modules/fwkern.conf

  • For VPN kernel parameters:

    $FWDIR/boot/modules/vpnkern.conf

The exact parameters appear in various SK articles in Check Point Support Center, and provided by Check Point Support.

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to the Expert mode.

3

Back up the current configuration file, if it exists:

  • On the Security Gateway (each Cluster Member), run:

    cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}

  • On the Scalable Platform Security Group, run:

    g_cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}

4

Configure the required Firewall kernel parameter with the assigned value in the exact format specified below.

Note - You must write the value in single quotes, or double quotes. Use one of these syntax options.

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl set -f str <Name_of_String_Kernel_Parameter> '<String_Text>'

    or

    fw ctl set -f str <Name_of_String_Kernel_Parameter> "<String_Text>"

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl set -f str <Name_of_String_Kernel_Parameter> '<String_Text>'

    or

    g_fw ctl set -f str <Name_of_String_Kernel_Parameter> "<String_Text>"

Example:

[Expert@MyGW:0]# fw ctl set -f str ws_debug_ip_str '1.1.1.1'
"fwkern.conf" was updated successfully
[Expert@MyGW:0]#

5

Examine the configuration file.

  • On the Security Gateway / each Cluster Member, run:

    cat $FWDIR/boot/modules/fwkern.conf

  • On the Scalable Platform Security Group, run:

    g_cat $FWDIR/boot/modules/fwkern.conf

6

Reboot.

  • On the Security Gateway / Cluster Member, run:

    reboot

    Important - In cluster, this can cause a failover.

  • On the Scalable Platform Security Group, run:

    g_reboot -a

7

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

8

Log in to Gaia Clish or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish or the Expert mode.

9

Make sure the new value of the kernel parameter is configured.

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl get str <Name of String Kernel Parameter> [-a]

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl get str <Name of String Kernel Parameter> [-a]

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl get str <Name of String Kernel Parameter> [-a]

For more information, see sk26202: Changing the kernel global parameters for Check Point Security Gateway.

Step

Instructions

1

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to the Expert mode.

3

  • On a Security Gateway / each Cluster Member:

    • For Firewall kernel parameters, run:

      ls -l $FWDIR/boot/modules/fwkern.conf

    • For VPN kernel parameters, run:

      ls -l $FWDIR/boot/modules/vpnkern.conf

  • On a Scalable Platform Security Group:

    • For Firewall kernel parameters, run:

      g_ls -l $FWDIR/boot/modules/fwkern.conf

    • For VPN kernel parameters, run:

      g_ls -l $FWDIR/boot/modules/vpnkern.conf

4

If this file already exists, skip to Step 5.

If this file does not exist, then create it manually and then skip to Step 6.

  • On a Security Gateway / each Cluster Member:

    • For Firewall kernel parameters, run:

      touch $FWDIR/boot/modules/fwkern.conf

    • For VPN kernel parameters, run:

      touch $FWDIR/boot/modules/fwkern.conf

  • On a Scalable Platform Security Group:

    • For Firewall kernel parameters, run:

      g_all touch $FWDIR/boot/modules/fwkern.conf

    • For VPN kernel parameters, run:

      g_all touch $FWDIR/boot/modules/vpnkern.conf

5

Back up the current configuration file.

  • On a Security Gateway / each Cluster Member:

    • For Firewall kernel parameters, run:

      cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}

    • For VPN kernel parameters, run:

      cp -v $FWDIR/boot/modules/vpnkern.conf{,_BKP}

  • On a Scalable Platform Security Group:

    • For Firewall kernel parameters, run:

      g_cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}

    • For VPN kernel parameters, run:

      g_cp -v $FWDIR/boot/modules/vpnkern.conf{,_BKP}

6

Edit the current configuration file.

The same syntax applies to the Security Gateway / each Cluster Member and the Scalable Platform Security Group:

  • For Firewall kernel parameters, run:

    vi $FWDIR/boot/modules/fwkern.conf

  • For VPN kernel parameters, run:

    vi $FWDIR/boot/modules/vpnkern.conf

7

Add the required kernel parameter with the assigned value in the exact format specified below.

Important - These configuration files do not support space characters, tabulation characters, and comments (lines that contain the # character).

Note - You must write the value in single quotes, or double quotes. Use one of these syntax options.

<Name_of_String_Kernel_Parameter>='<String_Text>'

or

<Name_of_String_Kernel_Parameter>="<String_Text>"

8

Save the changes in the file and exit the editor.

9

On the Scalable Platform Security Group, copy the updated configuration file to all other Security Group Members:

  • For Firewall kernel parameters, run:

    asg_cp2blades $FWDIR/boot/modules/fwkern.conf

  • For VPN kernel parameters, run:

    asg_cp2blades $FWDIR/boot/modules/vpnkern.conf

10

Reboot.

  • On the Security Gateway / Cluster Member, run:

    reboot

    Important - In cluster, this can cause a failover.

  • On the Scalable Platform Security Group, run:

    g_reboot -a

11

Connect to the command line on your Security Gateway / each Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

12

Log in to Gaia Clish or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish or the Expert mode.

13

Make sure the new value of the kernel parameter is configured.

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl get str <Name of String Kernel Parameter> [-a]

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl get str <Name of String Kernel Parameter> [-a]

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl get str <Name of String Kernel Parameter> [-a]

Important - This change does not survive reboot.

Step

Instructions

1

Connect to the command line on your Security Gateway or Cluster Member.

Note - On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

2

Log in to Gaia Clish or the Expert mode.

Note - On Scalable Platforms (Maestro and Chassis), you must use Gaia gClish or the Expert mode.

3

Clear the current value from a string kernel parameter:

Note - You must set an empty value in single quotes, or double quotes. Use one of these syntax options.

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl set str '<Name of String Kernel Parameter>'

    or

    fw ctl set str "<Name of String Kernel Parameter>"

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl set str '<Name of String Kernel Parameter>'

    or

    fw ctl set str "<Name of String Kernel Parameter>"

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl set str '<Name of String Kernel Parameter>'

    or

    g_fw ctl set str "<Name of String Kernel Parameter>"

Example:

[Expert@MyGW:0]# fw ctl set str debug_filter_saddr_ip ''
Set operation succeeded
[Expert@MyGW:0]#

4

Make sure the value is cleared (the new value is empty):

  • On a Security Gateway / each Cluster Member, run in Gaia Clish or the Expert mode:

    fw ctl get str <Name of String Kernel Parameter>

  • On a Scalable Platform Security Group, run in Gaia gClish:

    fw ctl get str <Name of String Kernel Parameter>

  • On a Scalable Platform Security Group, run in the Expert mode:

    g_fw ctl get str <Name of String Kernel Parameter>

Example:

[Expert@MyGW:0]# fw ctl get str debug_filter_saddr_ip
debug_filter_saddr_ip = ''
[Expert@MyGW:0]#