cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

R80.x - Performance Tuning Tip - SecureXL Fast Accelerator (fw ctl fast_accel)

The Fast Acceleration (picture 1 green) feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 JHF103 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption.

The CLI of the gateway can be used to create rules that allow you to bypass the SecureXL PSLXL path to route all connections through the fast path.

Tip 1

Use this function to exclude IP's or networks from deep inspection.

fast_accel_3.PNG
Picture 1

Here you can see the complete packet flow in detail : R80.x - Security Gateway Architecture (Logical Packet Flow)
I will update the document  to this new function in the next few days.

Feature Attributes:

  • Configured from the gateway's CLI.
  • Can be turned On / Off, Off is the default.
  • Rules can be added / deleted by demand.
  • Configuration (State / rules) survive reboot.
  • Maintain rule hit count (does not survive reboot).
  • Every configuration change done by the user is logged in $FWDIR/log/fw_fast_accel.log file.

Feature Usage:

fw ctl fast_accel <option>

Option   Explanation
 add  Add a connection
 delete  Delete a connection
 enable  Set feature state to on
 disable  Set feature state to off
 show_table  Display the rules configured by the user
 show_state  Display the current feature state
 reset_stats  Reset the statistics collected by the feature
 --help/-h  Display help message

 

 

 

 

 

 

 

 

 

To create fast_accel rules, read more in this sk156672 - SecureXL Fast Accelerator (fw fast_accel) for R80.20 and above.

 

Tags (1)