fw monitor/tcpdump  and  "fwaccel off" - yes or no

Poll created by Heiko Ankenbrand on Aug 27, 2018

I don't recommend doing this "fwaccel off" on a production firewall the performance impact can be noticeable.  I would always recommend disabling SecureXL selectively for the IP addresses you want to capture ahead of time, then you can use tcpdump and/or fw monitor to see all inbound and outbound traffic:

 

sk104468: How to disable SecureXL for specific IP addresses

 

Or if necessary, I look at the utilization of the gateway and decide accordingly.

 

How do you do that?

53 total votes You cannot vote on this poll
  • "fwaccel off" - Execute this command without further check!
    9
  • "fwaccel off" - Execute this command with previous performance check!
    36
  • Disabling SecureXL selectively for IP‘s (sk104468)
    8