Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Yoon
Explorer

Accept Templates are still disabled even after disabled the specific rule

The accept templates are disabled by a specific rule. So, we tried with the disable that specific rule in policy, but still the accept template is disabled. Any suggestion for that. 

Version R80.40 , Hotfix Take 120 , ClusterXl environmentfwaccel statfwaccel stat

0 Kudos
2 Replies
G_W_Albrecht
Legend
Legend

0 Kudos
Timothy_Hall
Champion
Champion

After disabling the rule did you install policy to the gateway?  That should have updated where the templating will stop.  It is also possible you are running into this: sk62323: Output of 'fwaccel stat' shows that SecureXL Accept Templates are disabled from rule, whose...

In R80.40 there are very few situations that will halt accept templating in the rulebase, here they are in order of likelihood:

  • DCE/RPC Services
  • gdhcp as Gunter noted
  • Legacy "mapped" services or others that also invoke custom INSPECT code
  • Services that specify a custom SOURCE port range (not common - this may have been resolved in the latest releases, can't remember)
  • IPS Signature "Network Quota" is enabled (use fwaccel dos rate instead)
  • Legacy Client and User Authentication rules, not sure if these are even still supported

Keep in mind that just because templating got halted, that situation has absolutely zero effect on the status of throughput acceleration through the various paths (SXL,PXL,CPAS,F2F), even for traffic matched on rules below where the templating has stopped.

New 2021 IPS/AV/ABOT Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos