fwaccel conns

Description

The fwaccel conns and fwaccel6 conns commands show the list of the SecureXL Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. connections on the local Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., or Cluster Member Security Gateway that is part of a cluster..

Warning - If the number of concurrent connections is large, when you run these commands, they can consume memory and CPU at very high level (see sk118716).

Syntax for IPv4

fwaccel [-i <SecureXL ID>] conns

-h

-f <filter>

-m <Number of Entries>

-s

Syntax for IPv6

fwaccel6 conns

-h

-f <Filter>

-m <Number of Entries>

-s

Parameters

Parameter

Description

-h

Shows the applicable built-in help.

-i <SecureXL ID>

Specifies the SecureXL instance ID (for IPv4 only).

-f <Filter>

Show the SecureXL Connections Table entries based on the specified filter flags.

Notes:

To see the available filter flags, run:

fwaccel conns -h

Each filter flag is one letter - capital, or small.

You can specify more than one flag.

For example:

fwaccel conns -f AaQq

Available filter flags are:

A - Shows accounted connections (for which SecureXL counted the number of packets and bytes).
a - Shows not accounted connections.
C - Shows encrypted (VPN) connections.
c - Shows clear-text (not encrypted) connections.
F - Shows connections that SecureXL forwarded to Firewall.

Note - In R81, SecureXL does not support this parameter.
f - Shows cut-through connections (which SecureXL accelerated).

Note - In R81, SecureXL does not support this parameter.
H - Shows connections offloaded to the SAM card.

Note - R81, does not support the SAM card (Known Limitation PMTR-18774).
h - Shows connections created in the SAM card.

Note - R81, does not support the SAM card (Known Limitation PMTR-18774).
L - Shows connections, for which SecureXL created internal links.
l - Shows connections, for which SecureXL did not create internal links.
N - Shows connections that undergo NAT.

Note - In R81, SecureXL does not support this parameter.
n - Shows connections that do not undergo NAT.

Note - R81, SecureXL does not support this parameter.
Q - Shows connections that undergo QoS Check Point Software Blade on a Security Gateway that provides policy-based traffic bandwidth management to prioritize business-critical traffic and guarantee bandwidth and control latency..
q - Shows connections that do not undergo QoS.
S - Shows connections that undergo PXL.
s - Shows connections that do not undergo PXL.
U - Shows unidirectional connections.
u - Shows bidirectional connections.

-m <Number of Entries>

Specifies the maximal number of connections to show.

Note - In R81, SecureXL does not support this parameter.

-s

Shows the summary of SecureXL Connections Table (number of connections).

Warning - Depending on the number of current connections, might consume memory at very high level.

Example - Default output from a non-VSX Gateway

[Expert@MyGW:0]# fwaccel conns
Source          SPort Destination     DPort PR Flags     C2S i/f S2C i/f   Inst Identity
--------------- ----- --------------- ----- -- ----------- ------- ------- ---- -------
      1.1.1.200 50586       1.1.1.100 18191  6 F............. 2/2     2/-     3       0
  192.168.0.244 35925   192.168.0.242 18192  6 F............. 1/1     -/-     1       0
   192.168.0.93   257   192.168.0.242 53932  6 F............. 1/1     1/-     0       0
  192.168.0.242    22   172.30.168.15 57914  6 F............. 1/1     -/-     2       0
  192.168.0.244 34773   192.168.0.242 18192  6 F............. 1/1     -/-     2       0
   192.168.0.88   138   192.168.0.255   138 17 F............. 1/1     -/-     0       0
      1.1.1.100 18191       1.1.1.200 55336  6 F............. 2/2     2/-     4       0
  192.168.0.242 18192   192.168.0.244 38567  6 F............. 1/1     -/-     4       0
  192.168.0.242 53932    192.168.0.93   257  6 F............. 1/1     1/-     0       0
  192.168.0.242 18192   192.168.0.244 62714  6 F............. 1/1     -/-     1       0
  192.168.0.244 33558   192.168.0.242 18192  6 F............. 1/1     -/-     5       0
      1.1.1.200 36359       1.1.1.100 18191  6 F............. 2/2     2/-     5       0
      1.1.1.200 55336       1.1.1.100 18191  6 F............. 2/2     2/-     4       0
  192.168.0.242 60756    192.168.0.93   257  6 F............. 1/1     1/-     4       0
      1.1.1.100 18191       1.1.1.200 36359  6 F............. 2/2     2/-     5       0
      1.1.1.100 18191       1.1.1.200 50586  6 F............. 2/2     2/-     3       0
  192.168.0.244 38567   192.168.0.242 18192  6 F............. 1/1     -/-     4       0
  192.168.0.242 18192   192.168.0.244 32877  6 F............. 1/1     -/-     5       0
  192.168.0.242 53806   192.168.47.45    53 17 F............. 1/1     1/-     3       0
  192.168.0.242 18192   192.168.0.244 33558  6 F............. 1/1     -/-     5       0
  172.30.168.15 57914   192.168.0.242    22  6 F............. 1/1     -/-     2       0
  192.168.0.255   138    192.168.0.88   138 17 F............. 1/1     -/-     0       0
   192.168.0.93   257   192.168.0.242 60756  6 F............. 1/1     1/-     4       0
      1.1.1.200 18192       1.1.1.100 37964  6 F............. 2/2     -/-     1       0
      1.1.1.100 37964       1.1.1.200 18192  6 F............. 2/2     -/-     1       0
  192.168.0.244 32877   192.168.0.242 18192  6 F............. 1/1     -/-     5       0
  192.168.0.242 18192   192.168.0.244 34773  6 F............. 1/1     -/-     2       0
  192.168.0.242 18192   192.168.0.244 35925  6 F............. 1/1     -/-     1       0
  192.168.47.45    53   192.168.0.242 53806 17 F............. 1/1     1/-     3       0
  192.168.0.244 62714   192.168.0.242 18192  6 F............. 1/1     -/-     1       0
 
Idx Interface
--- ---------
  0 lo
  1 eth0
  2 eth1
 
Total number of connections: 30
[Expert@MyGW:0]#