Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Hermano_Pereira
Participant

Hello,

Anyone knows how to check in GAIA if AES-NI is enabled on supported appliances and open-servers?

The flag is not present in cpuinfo...

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Matthew_Johnson
Employee
Employee

run dmesg and grep for aes-ni

VPN-1: AES-NI is supported on this hardware

View solution in original post

0 Kudos
6 Replies
Pablo_Barriga
Advisor

Hello this could be helpful

Check Point supports AES-NI on the following appliances (only when running Gaia OS with 64-bit kernel):

ApplianceStarting in
3100 / 3200R77.30 for 3000
5600 / 5800R77.30 for 5000
12400 / 12600R76
13500 / 13800R76
15400 / 15600R77.30 for 15000
21400 / 21600 / 21700 / 21800R76
23500 / 23800R77.30 for 23000
41000 / 61000R76SP
44000 / 64000R76SP.50

On these appliances, AES-NI is enabled by default. AES-NI is also supported on Open Servers. Make sure that Gaia OS is running in 64-bit mode.

Official Document 

sk105119

Hermano_Pereira
Participant

Thank you Pablo!

It´s because of that information that i´m wondering how to check in GAIA if it is really enabled...

In a regular linux, cat /proc/cpuinfo shows if the instruction is present with the flag "aes"...

My gateways are running R80.10 on AES-NI supported appliances and open-servers.

Thanks!

0 Kudos
Matthew_Johnson
Employee
Employee

run dmesg and grep for aes-ni

VPN-1: AES-NI is supported on this hardware

0 Kudos
Hermano_Pereira
Participant

Thank you Matthew!

I get the output in appliances! Not on open-servers... I wonder why!? On the same machines with regular linux the instruction is there.

Regards

0 Kudos
Timothy_Hall
Champion
Champion

The dmesg method of detecting AES-NI support stopped working in R80.40, although the firewall code is still actively taking advantage of AES-NI.  See sk170779: AES-NI commands no longer work in R80.40

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Timothy_Hall
Champion
Champion

To update this old thread for posterity, the fw ctl get int AESNI_is_supported command can be used in R80.40 Jumbo HFA 100+ and R81 Jumbo HFA 13+ to check for the presence of AES-NI support.  See sk170799 which as been updated recently.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events