Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

R80.40: fw ctl set int XXX -a errors

While writing the R80.40 addendum for my book, I've come across some strange behavior when setting SIM kernel variables in R80.40 in the context of disabling anti-spoofing "on the fly":

[Expert@gw-38a56d:0]# fw ctl get int sim_anti_spoofing_enabled -a
FW:
Get operation failed: failed to get parameter sim_anti_spoofing_enabled
PPAK 0: sim_anti_spoofing_enabled = 1


[Expert@gw-38a56d:0]# fw ctl set int sim_anti_spoofing_enabled 0 -a
PPAK 0: Get before set operation succeeded of sim_anti_spoofing_enabled
Set operation failed: failed to get parameter sim_anti_spoofing_enabled
set: Operation failed
Killed


[Expert@gw-38a56d:0]# fw ctl get int sim_anti_spoofing_enabled -a
FW:
Get operation failed: failed to get parameter sim_anti_spoofing_enabled
PPAK 0: sim_anti_spoofing_enabled = 0

Clearly the set command is working correctly but throwing all kinds of errors and giving a strong impression that it did not work.  Didn't see this error output in R80.20 and R80.30.  This is on vanilla R80.40, and I don't see any mention of this behavior in the R80.40 Jumbo HFA.  Can someone from R&D explain if there is some better way I should be setting SIM kernel variables as it definitely doesn't seem happy with this technique. Setting "regular" fw kernel variables works fine with no errors.  Tagging @PhoneBoy 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
1 Reply
Highlighted
Employee
Employee

Hi,

The "fw ctl set int" command was changed during R80.20 to allow changing both FW and PPAK global variables.

The command will try to set the variable at the same time in FW and PPAK - if the variable only exist in one of them then the other will fail.

In your examples below, you tried to set global parameter that exist only in PPAK, because of that you can see that FW is failing (no such parameter) and PPAK manage to get/set the parameter