cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Accelerated drop feature

Hello,

Can I confirm that the accelerated drop feature as described in sk67861 is supported on R80.20 and R80.30 as well?

Many thanks.

4 Replies

Re: Accelerated drop feature

YES - According to the sk98348: Best Practices - Security Gateway Performance that is valid for all versions.

0 Kudos

Re: Accelerated drop feature

I'm wondering if there is any difference between sim dropcfg and fwaccel dos blacklist, at a high level they seem to do the same 🤔

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos

Re: Accelerated drop feature

Prior to R80.20 there were quite a few different ways to block or limit traffic in SecureXL that were introduced over the years and it ended up becoming a bit of a mishmash.  Examples of this were commands sim hlqos, sim dropcfg, fw samp, sim erdos, and sim_dos ctl.  It was not always clear which of these should be used in a particular situation, and there were overlaps in functionality between some of them which added to the confusion.

Thankfully, in R80.20+ all these various SecureXL features were simplified and updated into a more clear feature set via the fwaccel dos and fw sam_policy commands.  The former command is primarily responsible for blocking and blacklisting in all its various forms, while the latter command is more or less the equivalent to fw samp and allows various rate-limiting and quota options that are efficiently enforced by SecureXL.  Much better to use fw sam_policy than the IPS signature "Network Quota" which if enabled will kill practically all acceleration in the firewall.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: Accelerated drop feature

Great as always Tim, thanks for the clarification
____________
https://www.linkedin.com/in/federicomeiners/