This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
‎2019-12-13 10:46 AM
Jump to solution

R80.40 - new interesting commands

This overview describes new CLI commands in R80.40.

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2019-12-15 10:32 PM
Jump to solution

Shows the ClusterXL multi-version  state:

# cphaprob mvc

cp_mv.PNG

Shows SW version match for all cluster members

# cphaprob release

cp_mv2.PNG

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

7 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2019-12-13 10:50 AM
Jump to solution

The multi queueing configuration works slightly different than the previous versions or in old 3.10 kernel GAIA versions. A new CLI command was implemented for this purpose:

# mq_mng

Multiqueue configuration optional arguments:
-h, --help                                  show this help message and exit
-s {off,auto,manual},               --set-mode {off,auto,manual}
                                                    Configure Multiqueue mode. Either off or auto/manual [default = auto].
                                                    Note: this may cause short packet loss
-i [ ...], --interface [ ...]             Interfaces list [default = all]. Whitespace delimiter.
-c [ ...], --core [ ...]                    CPU cores list (should be at least 2). Whitespace delimiter.
-r, --reconf                                 Apply current Multiqueue policy
-o, --show                                  Show Multiqueue status for specific or all interfaces
-v, --verbosity                            Verbose status
-a                                                 Show all interfaces
--show                                        Show Multiqueue configuration. Add -v/-vv for additional data

Note:
Any Multiqueue configuration may cause a temporary packet loss due to NIC reset.

Examples:

Set automaic affinity eth1 and eth2

r8040_mq1.JPG

Set manual affinity to CPU cores 0, 6 , 7, 8 on all interfaces 

r8040_mq2.JPG

 
➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion
‎2019-12-13 11:04 AM
Jump to solution

It is now possible to enable and disable SecureXL interface for acceleration.

Set or clear the non-accelerated flag an interface:

Enables or disables SecureXL acceleration for the given interface(s)

# fwaccel nonaccel

-s                        disable acceleration
-c                        enable acceleration

Example:

Disable acceleration for interface eth1

r8040_ac1.JPG

Enable acceleration for interface eth1:

r8040_ac2.JPG

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion
‎2019-12-15 10:32 PM
Jump to solution

Shows the ClusterXL multi-version  state:

# cphaprob mvc

cp_mv.PNG

Shows SW version match for all cluster members

# cphaprob release

cp_mv2.PNG

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
RickLin
Advisor
Advisor
‎2020-02-12 01:45 AM
In response to HeikoAnkenbrand
Jump to solution

The Multi-Version Cluster(MVC) Upgrade replaced the Connectivity Upgrade(CU).

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion
‎2020-01-28 10:53 AM
Jump to solution

A new interesting function for performance tuning has been included in R80.40. Dynamic split of CoreXL changes the assignment of CoreXL SND's and CoreXL firewall workers automatically without reboot.

In ClusterXL, you must configure all the Cluster Members in the same way. The dynamic_split command controls the Dynamic Split of CoreXL Firewall and SND instances on the local Security Gateway, or ClusterXL Member.

For more information, see R80.40 Performance Tuning Administration Guide - Chapter CoreXL or see R80.x - Performance Tuning Tip - Dynamic split of CoreXL in R80.40.

Run these commands in the Expert mode

# dynamic_split

                            -o disable                 -> Disables the CoreXL Dynamic Split. Requires a reboot.
                            -o enable                  -> Enables the CoreXL Dynamic Split. Requires a reboot
                            -o start                      -> Starts the CoreXL Dynamic Split after it was stopped. This change survives the reboot-
                            -o stop                       -> Stops the CoreXL Dynamic Split. This change does not survive the reboot.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
HeikoAnkenbrand
Champion Champion
Champion
‎2020-02-09 10:18 PM
Jump to solution

The new upgrade mechanism will be executed  when upgrading from R80.20, R80.20.Mx and R80.30 to R80.40 and to any future version.

migrate_server

New:

- automatically downloaded as upgrade packages from the Download Center

- using CPUSE, the report is available by clicking --> “To see a detailed upgrade report”

More read here:

New upgrade mechanism for management servers in R80.40! 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
RickLin
Advisor
Advisor
‎2020-02-12 01:43 AM
In response to HeikoAnkenbrand
Jump to solution

upgrade report

image.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events