Advisor

Security Servers

Hello,

I am trying to understand the difference between content security/Threat Prevention and the legacy security servers.

Are security servers (fwssd - in.ahttpd etc.) still used anywhere in the modern R80.10 NGTP gateway - where AV, AB, TE and/or TEX?

The NGTP pdf Moty shared on the community is a bit high level.

Also interested in the access control blades that might use fwssd or details on what they use.

SK88020 implies that there are kernel modules in use (APPI and RAD_KERNEL).

Does that mean that it is not fwssd but a more efficient process attached to the fw kernel? Perhaps Resource Advisor running in kernel memory and as a kernel module/process? Same for the NGTP engine/s?

Thanks,

Don

0 Kudos
3 Replies
Champion

The security server daemons you specifically named (in.aXXXXd) are not really used on a modern gateway.  However your question touches on what kind of processes are used on a firewall to handle/scan traffic outside the kernel.  There is a brand new chapter in the second edition of my book that covers this aspect in detail.  Key processes are rad, dlpu, and dlpda.  Bit tough to summarize it all here as the chapter ended up being over 20 pages, but some insight into this area is forthcoming...

--
My Book "Max Power: Check Point Firewall Performance Optimization"
Second Edition Coming Soon

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
Admin

The only place Security Servers *might* still be in use is DLP, and even there I believe we have moved away from using them.

They are largely deprecated in R80.x.

Advisor

Thanks guys. Good info.

Obviously, with such a large customer install base, things like FWSSDs and Legacy Auth will be in use in places, and that could persist for some time.

BTW, part of the question is to get an understanding, not only technically but also in relation to the CCSE training content, and, besides the certification exam and real-world training, of how to properly describe the FWSSDs in the context of the NGTP (and NGTX) gateway.