This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JDCasCruz
Contributor
‎2024-07-18 07:25 AM
Jump to solution

Fast Accel is not working in QS 1800

Hello team,

We are trying to use the Secure XL Fast Accel feature on our 1800 Gateways. For this we followed sk156672, enabled the feature and created a general rule to speed up user traffic to the proxy, installed the policies and nothing happened with the hit count after a few days (attached image).

Can someone help us to know what is wrong?

We're wotking with a Cluster XL with two 1800 in high availability, the OS version is R81.10.10 945. We work only with the FW blade.

Quantum Spark (SMB) 

Regards.

Quantum Spark (SMB)
Quantum Spark (SMB)
Quantum
Preview file
31 KB
0 Kudos
1 Solution

Accepted Solutions
Amir_Ayalon
Employee
Employee
‎2024-07-18 10:41 AM
In response to PhoneBoy
Jump to solution

Hi Guys

Fast Accel suppose to be supported on Spark.

See screenshot for configuration on locally managed.

on centrally managed it is also suppose to work. if it doesn't please open a Task and we will look into it

thanks

 

 

 

View solution in original post

Preview file
74 KB
0 Kudos
10 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-07-18 07:53 AM
Jump to solution

Afaik this is not a GAiA Embedded feature, here we only have Smart Accel:

https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/Smar...

https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/Configuring-Smart-Accel-Sett...

...and only on locally managed SMBs. As sk156672 does not cover any SMB firmware versions, there is a reason to assume that.

 

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JDCasCruz
Contributor
‎2024-07-18 11:02 AM
In response to G_W_Albrecht
Jump to solution

This would be bad, but could it be confirmed somehow?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2024-07-19 02:06 AM
In response to JDCasCruz
Jump to solution

Look into https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/Configuring-Smart-Accel-Sett... for configuration of Smart Accel.

And that is what it is - you can always open an informational SR# with CP TAC, if you need official confirmation, but:

- sk156672 only mentions GAiA systems, not GAiA Embedded

- Smart and Fast Accel on SMB would rather be a kind of overkill, a second Accel function does not make sense, especially on SMB....

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JDCasCruz
Contributor
‎2024-08-23 08:51 AM
In response to G_W_Albrecht
Jump to solution

Hello,

I did not remember to mention that the cluster is centrally managed and Smart Accel has this note:

Note - This setting only applies to locally managed devices.

So I'm stuck again. Are there any best practice guidelines for improving SMB performance?

Thanks in advance.

 

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2024-08-23 09:50 AM
In response to JDCasCruz
Jump to solution

Yep:

https://community.checkpoint.com/t5/SMB-Gateways-Spark/Brief-introduction-to-SMB-performance-tuning/...

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
PhoneBoy
Admin
Admin
‎2024-08-23 10:19 AM
In response to JDCasCruz
Jump to solution

fast_accel can certainly be used to accelerate trusted flows (ensure it is processed in fastpath, not medium path).
It looks like you can manually tune the number of CoreXL instances: https://support.checkpoint.com/results/sk/sk174423 
If the issue with load is with SND processes, then reducing the number of CoreXL instances might help. 

Timothy_Hall
MVP Gold
MVP Gold
‎2024-07-18 09:26 AM
Jump to solution

Also bear in mind that if the traffic has to go F2F/slowpath for some reason, fast-accel will not work.  Only Medium Path (passive & active streaming) can be forced into the fastpath with fast-accel. On R81+ standard gateways you can use the command fw tab -u -t connections -z to see what connections are F2F/slowpath and the reason they are being handled there; not sure if this command works on SMB or what the equivalent command would be.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
JDCasCruz
Contributor
‎2024-07-18 10:44 AM
In response to Timothy_Hall
Jump to solution

The command works, I am getting a quite reasonable output, where the connections from users to the proxy look like this:

localhost:
Dir Source IP SPort Destination IP DPort PR FW State
--- --------------- ----- --------------- ----- -- ---------------
1 userIP 55923 ProxyIP 8080 6 Link

And also by executing the command fwaccel conns I can see the connections from users to the proxy.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-07-18 09:52 AM
Jump to solution

The sk does not explicitly mention if fast_accel is supported on Quantum Spark or not.
@Amir_Ayalon ?

0 Kudos
Amir_Ayalon
Employee
Employee
‎2024-07-18 10:41 AM
In response to PhoneBoy
Jump to solution

Hi Guys

Fast Accel suppose to be supported on Spark.

See screenshot for configuration on locally managed.

on centrally managed it is also suppose to work. if it doesn't please open a Task and we will look into it

thanks

 

 

 

Preview file
74 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events