- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- Re: Fast Accel is not working in QS 1800
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fast Accel is not working in QS 1800
Hello team,
We are trying to use the Secure XL Fast Accel feature on our 1800 Gateways. For this we followed sk156672, enabled the feature and created a general rule to speed up user traffic to the proxy, installed the policies and nothing happened with the hit count after a few days (attached image).
Can someone help us to know what is wrong?
We're wotking with a Cluster XL with two 1800 in high availability, the OS version is R81.10.10 945. We work only with the FW blade.
Regards.
- Tags:
- fast_accel
- QS-1800
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Guys
Fast Accel suppose to be supported on Spark.
See screenshot for configuration on locally managed.
on centrally managed it is also suppose to work. if it doesn't please open a Task and we will look into it
thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Afaik this is not a GAiA Embedded feature, here we only have Smart Accel:
...and only on locally managed SMBs. As sk156672 does not cover any SMB firmware versions, there is a reason to assume that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This would be bad, but could it be confirmed somehow?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Look into https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/Configuring-Smart-Accel-Sett... for configuration of Smart Accel.
And that is what it is - you can always open an informational SR# with CP TAC, if you need official confirmation, but:
- sk156672 only mentions GAiA systems, not GAiA Embedded
- Smart and Fast Accel on SMB would rather be a kind of overkill, a second Accel function does not make sense, especially on SMB....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I did not remember to mention that the cluster is centrally managed and Smart Accel has this note:
Note - This setting only applies to locally managed devices.
So I'm stuck again. Are there any best practice guidelines for improving SMB performance?
Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yep:
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
fast_accel can certainly be used to accelerate trusted flows (ensure it is processed in fastpath, not medium path).
It looks like you can manually tune the number of CoreXL instances: https://support.checkpoint.com/results/sk/sk174423
If the issue with load is with SND processes, then reducing the number of CoreXL instances might help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also bear in mind that if the traffic has to go F2F/slowpath for some reason, fast-accel will not work. Only Medium Path (passive & active streaming) can be forced into the fastpath with fast-accel. On R81+ standard gateways you can use the command fw tab -u -t connections -z to see what connections are F2F/slowpath and the reason they are being handled there; not sure if this command works on SMB or what the equivalent command would be.
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The command works, I am getting a quite reasonable output, where the connections from users to the proxy look like this:
localhost:
Dir Source IP SPort Destination IP DPort PR FW State
--- --------------- ----- --------------- ----- -- ---------------
1 userIP 55923 ProxyIP 8080 6 Link
And also by executing the command “fwaccel conns” I can see the connections from users to the proxy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The sk does not explicitly mention if fast_accel is supported on Quantum Spark or not.
@Amir_Ayalon ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Guys
Fast Accel suppose to be supported on Spark.
See screenshot for configuration on locally managed.
on centrally managed it is also suppose to work. if it doesn't please open a Task and we will look into it
thanks