fwaccel stats

Description

The fwaccel stats and fwaccel6 stats commands show acceleration statistics for IPv4 on the local Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., or Cluster MemberClosed Security Gateway that is part of a cluster..

Syntax for IPv4

fwaccel stats

      [-c]

      [-d]

      [-l]

      [-m]

      [-n]

      [-o]

      [-p]

      [-q]

      [-r]

      [-s]

      [-x]

Syntax for IPv6

fwaccel6 stats

      [-c]

      [-d]

      [-l]

      [-m]

      [-n]

      [-o]

      [-p]

      [-q]

      [-r]

      [-s]

      [-x]

Parameters

Parameter

Description

-c

Shows the statistics for ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Correction.

-d

Shows the statistics for drops from device.

-l

Shows the statistics in legacy mode - as one table.

-m

Shows the statistics for multicast traffic.

-n

Shows the statistics for Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. (NAC).

-o

Shows the statistics for Reorder Infrastructure.

-p

Shows the statistics for SecureXLClosed Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway. violations (F2FClosed Denotes non-VPN connections that SecureXL forwarded to firewall. See "Firewall Path". packets).

-q

Shows the statistics notifications the SecureXL sent to the Firewall.

-r

Resets all the counters.

-s

Shows the statistics summary only.

-x

Shows the statistics for PXL.

Note - PXL is the technology name for combination of SecureXL and PSLClosed Passive Streaming Library. Packets may arrive at Security Gateway out of order, or may be legitimate retransmissions of packets that have not yet received an acknowledgment. In some cases, a retransmission may also be a deliberate attempt to evade IPS detection by sending the malicious payload in the retransmission. Security Gateway ensures that only valid packets are allowed to proceed to destinations. It does this with the Passive Streaming Library (PSL) technology. (1) The PSL is an infrastructure layer, which provides stream reassembly for TCP connections. (2) The Security Gateway makes sure that TCP data seen by the destination system is the same as seen by code above PSL. (3) The PSL handles packet reordering, congestion, and is responsible for various security aspects of the TCP layer, such as handling payload overlaps, some DoS attacks, and others. (4) The PSL is capable of receiving packets from the Firewall chain and from the SecureXL. (5) The PSL serves as a middleman between the various security applications and the network packets. It provides the applications with a coherent stream of data to work with, free of various network problems or attacks. (6) The PSL infrastructure is wrapped with well-defined APIs called the Unified Streaming APIs, which are used by the applications to register and access streamed data. (Passive Streaming Library).

In addition, see: