- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hello team,
We are trying to use the Secure XL Fast Accel feature on our 1800 Gateways. For this we followed sk156672, enabled the feature and created a general rule to speed up user traffic to the proxy, installed the policies and nothing happened with the hit count after a few days (attached image).
Can someone help us to know what is wrong?
We're wotking with a Cluster XL with two 1800 in high availability, the OS version is R81.10.10 945. We work only with the FW blade.
Regards.
Hi Guys
Fast Accel suppose to be supported on Spark.
See screenshot for configuration on locally managed.
on centrally managed it is also suppose to work. if it doesn't please open a Task and we will look into it
thanks
Afaik this is not a GAiA Embedded feature, here we only have Smart Accel:
...and only on locally managed SMBs. As sk156672 does not cover any SMB firmware versions, there is a reason to assume that.
This would be bad, but could it be confirmed somehow?
Look into https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/Configuring-Smart-Accel-Sett... for configuration of Smart Accel.
And that is what it is - you can always open an informational SR# with CP TAC, if you need official confirmation, but:
- sk156672 only mentions GAiA systems, not GAiA Embedded
- Smart and Fast Accel on SMB would rather be a kind of overkill, a second Accel function does not make sense, especially on SMB....
Hello,
I did not remember to mention that the cluster is centrally managed and Smart Accel has this note:
Note - This setting only applies to locally managed devices.
So I'm stuck again. Are there any best practice guidelines for improving SMB performance?
Thanks in advance.
Yep:
fast_accel can certainly be used to accelerate trusted flows (ensure it is processed in fastpath, not medium path).
It looks like you can manually tune the number of CoreXL instances: https://support.checkpoint.com/results/sk/sk174423
If the issue with load is with SND processes, then reducing the number of CoreXL instances might help.
Also bear in mind that if the traffic has to go F2F/slowpath for some reason, fast-accel will not work. Only Medium Path (passive & active streaming) can be forced into the fastpath with fast-accel. On R81+ standard gateways you can use the command fw tab -u -t connections -z to see what connections are F2F/slowpath and the reason they are being handled there; not sure if this command works on SMB or what the equivalent command would be.
The command works, I am getting a quite reasonable output, where the connections from users to the proxy look like this:
localhost:
Dir Source IP SPort Destination IP DPort PR FW State
--- --------------- ----- --------------- ----- -- ---------------
1 userIP 55923 ProxyIP 8080 6 Link
And also by executing the command “fwaccel conns” I can see the connections from users to the proxy.
The sk does not explicitly mention if fast_accel is supported on Quantum Spark or not.
@Amir_Ayalon ?
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
13 | |
3 | |
2 | |
1 | |
1 | |
1 | |
1 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY