https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67176#M5113 <P>I'm wondering if there is any difference between sim dropcfg and fwaccel dos blacklist, at a high level they seem to do the same <span class="lia-unicode-emoji" title=":thinking_face:">🤔</span></P> Tue, 12 Nov 2019 13:01:23 GMT FedericoMeiners 2019-11-12T13:01:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67146#M5110 <P>Hello,</P><P>Can I confirm that the accelerated drop feature as described in&nbsp;<SPAN>sk67861 is supported on R80.20 and R80.30 as well?</SPAN></P><P>Many thanks.</P> Tue, 12 Nov 2019 07:25:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67146#M5110 Nick_Doropoulos 2019-11-12T07:25:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67152#M5111 <P>YES - According to the&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk98348&amp;partition=General&amp;product=Security" target="_blank">sk98348: Best Practices - Security Gateway Performance</A>&nbsp;that is valid for all versions.</P> Tue, 12 Nov 2019 08:34:36 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67152#M5111 G_W_Albrecht 2019-11-12T08:34:36Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67176#M5113 <P>I'm wondering if there is any difference between sim dropcfg and fwaccel dos blacklist, at a high level they seem to do the same <span class="lia-unicode-emoji" title=":thinking_face:">🤔</span></P> Tue, 12 Nov 2019 13:01:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67176#M5113 FedericoMeiners 2019-11-12T13:01:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67191#M5114 <P>Prior to R80.20 there were quite a few different ways to block or limit traffic in SecureXL that were introduced over the years and it ended up becoming a bit of a mishmash.&nbsp; Examples of this were commands <STRONG>sim hlqos</STRONG>, <STRONG>sim dropcfg</STRONG>, <STRONG>fw samp</STRONG>, <STRONG>sim erdos</STRONG>, and <STRONG>sim_dos ctl</STRONG>.&nbsp; It was not always clear which of these should be used in a particular situation, and there were overlaps in functionality between some of them which added to the confusion.</P> <P>Thankfully, in R80.20+ all these various SecureXL features were simplified and updated into a more clear feature set via the <STRONG>fwaccel dos</STRONG> and <STRONG>fw sam_policy</STRONG> commands.&nbsp; The former command is primarily responsible for blocking and blacklisting in all its various forms, while the latter command is more or less the equivalent to <STRONG>fw samp</STRONG> and allows various rate-limiting and quota options that are efficiently enforced by SecureXL.&nbsp; Much better to use <STRONG>fw sam_policy</STRONG> than the IPS signature "Network Quota" which if enabled will kill practically all acceleration in the firewall.</P> <P>&nbsp;</P> Tue, 12 Nov 2019 14:55:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67191#M5114 Timothy_Hall 2019-11-12T14:55:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67218#M5119 Great as always Tim, thanks for the clarification Tue, 12 Nov 2019 18:00:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Accelerated-drop-feature/m-p/67218#M5119 FedericoMeiners 2019-11-12T18:00:28Z