Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PhongNN
Participant

SecureXL: fwaccel stat command does not show which rule disabled SecureXL

Jump to solution

Hi all

I run the fwaccel stat command but i do not see which rule disabled SecureXL

[Expert@DC-Outbound-Fw-02:0]# fwaccel stat
+-----------------------------------------------------------------------------+
|Id|Name |Status |Interfaces |Features |
+-----------------------------------------------------------------------------+
|0 |SND |enabled |eth1-01,eth1-02,eth1, |
| | | |eth2,eth8,Sync |Acceleration,Cryptography |
| | | | |Crypto: Tunnel,UDPEncap,MD5, |
| | | | |SHA1,NULL,3DES,DES,CAST, |
| | | | |CAST-40,AES-128,AES-256,ESP, |
| | | | |LinkSelection,DynamicVPN, |
| | | | |NatTraversal,AES-XCBC,SHA256 |
+-----------------------------------------------------------------------------+

Accept Templates : disabled by Firewall
Layer ---Drop Templates : enabled
NAT Templates : disabled by Firewall
Layer ---

I ran R80.30 version

Is it expected behavior ?

Thank you

Regards

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

This is a known issue, the name of your Network policy layer is too long.  If you shorten it to under 32 characters the fwaccel stat display should work properly again.

sk145533: "Layer ---" is displayed instead of specific layer name and rule number in output of 'fwac...

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

3 Replies
_Val_
Admin
Admin

The normal output for R80.10 and up should look like this:

Accept Templates   : disabled by Firewall
                     Layer <Name_of_Layer> disables template offloads from rule #<N>
                     Throughput acceleration still enabled.

However, some features on FW can disable templating altogether, for example Network quota.

0 Kudos
Timothy_Hall
Champion
Champion

This is a known issue, the name of your Network policy layer is too long.  If you shorten it to under 32 characters the fwaccel stat display should work properly again.

sk145533: "Layer ---" is displayed instead of specific layer name and rule number in output of 'fwac...

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

krit
Participant

Dear Mr. Hall,

Thank you for this reply, it resolved the same issue I had.

Just to add that the initial policy name was 26 chars and I shortened it to 16 in order to be displayed properly ( R80.20 environment )

Best Regards,