fw monitor/tcpdump  and  "fwaccel off" - yes or no

Poll created by Heiko Ankenbrand Champion on Aug 27, 2018

I don't recommend doing this "fwaccel off" on a production firewall the performance impact can be noticeable.  I would always recommend disabling SecureXL selectively for the IP addresses you want to capture ahead of time, then you can use tcpdump and/or fw monitor to see all inbound and outbound traffic:

 

sk104468: How to disable SecureXL for specific IP addresses

 

Or if necessary, I look at the utilization of the gateway and decide accordingly.

 

How do you do that?

 

Regards,

Heiko

56 total votes You cannot vote on this poll
  • "fwaccel off" - Execute this command without further check!
    11
  • "fwaccel off" - Execute this command with previous performance check!
    37
  • Disabling SecureXL selectively for IP‘s (sk104468)
    8