This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
‎2023-04-19 03:24 AM

Disable SecureXL Permenantly


I have several issues with SecureXL at one customer environment and we also have a TAC case open.

My question is:

What is the official way to permanently disable SecureXL in R81.10 and R81.20?


I have already test the following:

1)  Disable SecureXL in the fwstart script.
      $FWDIR/bin/fwstart
            $CPDIR/bin/cpprod_util FwSetSecureXL 0 --> disable SecureXL permanently
    
      fwaccel_54645646.png
      >>> This causes SecureXL to be set to the "not init" (see picture) state and the firewall does not work at all.

2) Disable SecureXL via crontab at boot and script
       #!/bin/sh
       sleep 60
       source /etc/profile.d/CP.sh
       /opt/CPsuite-R80.30/fw1/bin/fwaccel off > /dev/null 2>&1     
       exit
       >>> As a result, SecureXL will work for about 80 seconds until it is turned off.
              For the 80 seconds, there may be a malfunction of the operation.

3) Disable SecureXL via Boot-Script:
       echo "fwaccel off" >> /etc/init.d/cpboot
       >>> As a result, SecureXL will work for about 20 seconds until it is turned off.
              For the 20 seconds, there may be a malfunction of the operation.

4) In R80.10 and below, SecureXL can be permanently disabled through the CPconfig utility. See sk41397
       >>> Is therefore also not a solution for R81.10/R81.20

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
1 Reply
Chris_Atkinson
Employee Employee
Employee
‎2023-04-19 04:24 AM

Heiko,

This is not directly a response (answer) to your post rather a related public service announcement of sorts for others reading from elsewhere.

Disclaimer:
In general disabling SecureXL permanently is NOT supported.

For the typical scenario if disabling SecureXL temporarily resolves an issue it is a bug and should be taken with TAC for investigation.

For context:
sk162492 : When disabling SecureXL with "fwaccel off" in R80.20 and above, traffic is still being accelerated

sk41397 : How to enable/disable Check Point SecureXL via CLI

sk104468 : How to disable SecureXL for specific IP addresses

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events