fw monitor/tcpdump  and  "fwaccel off" - yes or no

Poll created by Heiko Ankenbrand Champion on Aug 27, 2018

I don't recommend doing this "fwaccel off" on a production firewall the performance impact can be noticeable.  I would always recommend disabling SecureXL selectively for the IP addresses you want to capture ahead of time, then you can use tcpdump and/or fw monitor to see all inbound and outbound traffic:


sk104468: How to disable SecureXL for specific IP addresses


Or if necessary, I look at the utilization of the gateway and decide accordingly.


How do you do that?




57 total votes You cannot vote on this poll
  • "fwaccel off" - Execute this command without further check!
  • "fwaccel off" - Execute this command with previous performance check!
  • Disabling SecureXL selectively for IP‘s (sk104468)