fwaccel templates
In the R81.10.X releases, this command is available starting from the R81.10.00 version.
Description
The "fwaccel templates" and "fwaccel6 templates" commands show the contents of the SecureXL templates tables:
-
Accept Templates
-
Drop Templates
Important - By default, the Drop Templates are disabled.
To enable the Drop Templates:
-
In SmartConsole, open the Security Gateway / Cluster object.
-
In the left tree, click the Optimizations pane.
-
Select Enable drop optimization.
-
Click OK.
-
Install the Access Control policy.
-
|
|
Important - Based on the number of current templates, these commands can consume memory at very high level. |
Syntax for IPv4
|
|
Syntax for IPv6
|
|
Parameters
|
Parameter |
Description |
|---|---|
|
No Parameters |
Shows the contents of the SecureXL Accept Templates table (Table Name - |
|
|
Shows the applicable built-in usage. |
|
|
Shows the contents of the SecureXL Drop Templates table. |
|
|
Specifies how many rows to show from the templates table. Note - The command counts from the top of the table. Default : 1000 |
|
|
Shows the summary of SecureXL Connections Templates (number of templates) |
|
|
Shows statistics for the SecureXL Connections Templates. |
Accept Templates flags
One or more of these flags appears in the output:
|
Flag |
Description |
|---|---|
|
A |
Connection is accounted (SecureXL counts the number of packets and bytes). |
|
B |
Connection is created for a rule that contains an Identity Awareness object, or for a rule below that rule. |
|
E |
Connection is created for a NAT rule that contains an Identity Awareness object. |
|
I |
Identity Awareness (NAC) is enabled for this connection. |
|
M |
Connection is created for a rule that contains a Domain object, or for a rule below that rule. |
|
N |
Connection undergoes NAT. |
|
O |
Connection is created for a rule that contains a Dynamic object, or for a rule below that rule. |
|
P |
Connection is created for a rule that may match a Service with an explicitly configured Source port. |
|
Q |
QoS is enabled for this connection. |
|
R |
Connection is created for a rule that contains a Traceroute object, or for a rule below that rule. |
|
S |
PXL (combination of SecureXL and PSL (Passive Streaming Library)) is enabled for this connection. |
|
T |
Connection is created for a rule that contains a Time object, or for a rule below that rule. |
|
U |
Connection is unidirectional. |
|
X |
Connection is created for a NAT rule that contains a translated Dynamic object. |
|
Z |
Connection is created for a rule that contains a Security Zone object, or for a rule below that rule. |
Drop Templates flags
One or more of these flags appears in the output:
|
Flag |
Description |
|---|---|
|
D |
Drop template exists for this connection. |
|
L |
Log and Drop action for this connection. |
Examples
Example 2 - Drop Templates
[Expert@MyGW]# fwaccel templates -d
The SecureXL drop templates table is empty
[Expert@MyGW]#
|
Example 3 - Summary of SecureXL Connections Templates
[Expert@MyGW]# fwaccel templates -s Total number of templates: 1 [Expert@MyGW]# |