Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
checkpointer
Participant

Edit SIP_MAX_INVITE setting to persist after reboot

Jump to solution

Hello,

We have changed the SIP_MAX_INVITE setting on the CLI of one of our VS instances (R80.40 on the 6600 platform) but want to make sure this is saved into the relevant file so the setting persists after reboot. How we can achieve this?

Checkpointer

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

See sk26202 Changing the kernel global parameters for Check Point Security Gateway:

Global kernel parameters exist to control (customize) the behavior of Security Gateway (kernel parameters are located in the $FWDIR/boot/modules/fw*mod* kernel modules).

On VSX Gateway, value of a kernel parameter applies to all configured Virtual Systems / Virtual Routers (i.e., it is not possible to set a value of a kernel parameter per Virtual System / Virtual Router).

CCSE CCTE SMB Specialist

View solution in original post

7 Replies
PhoneBoy
Admin
Admin

Not familiar with this particular configuration.
What precise steps did you take?

0 Kudos
checkpointer
Participant

Thanks Phoneboy, 

 

I think this is really to do with maintaining manual edits after reboot in a VSX environment.

On  the older appliance based FWs pre VSX we needed to amend a file for setting such as TCP max session so that when the FW rebooted the setting wasn’t lost as we had set it on the CLI.

Now that we have VSX with several VSs running on the appliances we are not sure if the same thing applies.  We have set the config using CLI on each virtual system but we suspect these will be lost on restart.

Is there an SK that advises on this?

Regards,

Checkpointer

0 Kudos
G_W_Albrecht
Legend
Legend

See sk26202 Changing the kernel global parameters for Check Point Security Gateway:

Global kernel parameters exist to control (customize) the behavior of Security Gateway (kernel parameters are located in the $FWDIR/boot/modules/fw*mod* kernel modules).

On VSX Gateway, value of a kernel parameter applies to all configured Virtual Systems / Virtual Routers (i.e., it is not possible to set a value of a kernel parameter per Virtual System / Virtual Router).

CCSE CCTE SMB Specialist

View solution in original post

checkpointer
Participant

Thanks a mil guys!

G_W_Albrecht
Legend
Legend

But i do think that you really want to set the "sip_expire" kernel parameter.

CCSE CCTE SMB Specialist
0 Kudos
checkpointer
Participant

Thanks GW, why do you say this?

0 Kudos
G_W_Albrecht
Legend
Legend

Because i do not know a sip_max_reinvite kernel parameter, only sip_expire...

CCSE CCTE SMB Specialist
0 Kudos