User-space Firewall (USFW) is a stable and mature infrastructure that allows Check Point Firewall instances to run in user-space mode, It has been used for several years now on VSX.
As such, Check Point decided to gradually move appliances to utilize USFW starting R80.30 3.10
The motivation for the USFW infrastructure development:
- Support a large number of FW instances.
- Quick process recovery upon a failure or a crash.
- Faster development of new features.
- Improve system traceability, reduce troubleshooting time.
Q: Which Security Gateways/Appliances can utilize USFW?
A: For the list of Security Gateways and appliances that support USFW refer to sk167052
Q: My Gateway is running only 4 cores / VM, why is my machine running in USFW?
A: USFW will gradually become the default mode in future releases, new appliance models are designed and shipped configured to use USFW as the default mode.
Q: Most of my traffic is handled through the SecureXL Fast path, will I benefit from USFW?
A: SecureXL on USFW mode runs in kernel mode, traffic will be accelerated (in kernel) efficiently similar to the Kernel Mode
Q: Is there any reason to switch back to Kernel mode?
A: Check Point is gradually transferring to USFW mode. It is preferred and best practice to keep the security GW in its default mode, yet it will be possible to switch to kernel mode – please see SK167052 for more details.
Q: How do I determine if the Security Gateway runs using USFW?
A: Run “cpprod_util FwIsUSFW” (1 = USFW)
Q: Does a USFW work the same as it works with VSX? Do the same limitations apply?
A: Although USFW is using a similar infrastructure as used with VSX, the limitations are different. Refer to sk167052 for USFW known limitations.
For any additional questions, feel free to tag me in your USFW posts.