Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ven
Participant

Accept Templates : disabled by Firewall- Template offloads disabled by IPS protect

Hi Experts, 

While checking the Acceleration templates status I see that the templates are disabled by firewall.  How to enable the templates again  ? 

Enabled_blades :  fw av ips anti_bot mon 

This is Check Point's software version R81.10 - Build 035
kernel: R81.10 - Build 036

+---------------------------------------------------------------------------------+
|Id|Name |Status |Interfaces |Features |
+---------------------------------------------------------------------------------+
|0 |KPPAK |enabled |Mgmt,Sync,eth4-01, |Acceleration,Cryptography |
| | | |eth2-02,eth2-04,eth4-02, | |
| | | |eth4-03 |Crypto: Tunnel,UDPEncap,MD5, |
| | | | |SHA1,3DES,DES,AES-128,AES-256,|
| | | | |ESP,LinkSelection,DynamicVPN, |
| | | | |NatTraversal,AES-XCBC,SHA256, |
| | | | |SHA384,SHA512 |
+---------------------------------------------------------------------------------+

Accept Templates : disabled by Firewall
Template offloads disabled by IPS protections: storm center
Drop Templates : enabled
NAT Templates : disabled by Firewall
Template offloads disabled by IPS protections: storm center
LightSpeed Accel : disabled

Accelerated conns/Total conns : 197/284 (69%)
LightSpeed conns/Total conns : 0/284 (0%)
Accelerated pkts/Total pkts : 104951089/122373677 (85%)
LightSpeed pkts/Total pkts : 0/122373677 (0%)
F2Fed pkts/Total pkts : 17422588/122373677 (14%)
F2V pkts/Total pkts : 1039356/122373677 (0%)
CPASXL pkts/Total pkts : 0/122373677 (0%)
PSLXL pkts/Total pkts : 76385911/122373677 (62%)
CPAS pipeline pkts/Total pkts : 0/122373677 (0%)
PSL pipeline pkts/Total pkts : 0/122373677 (0%)
CPAS inline pkts/Total pkts : 0/122373677 (0%)
PSL inline pkts/Total pkts : 0/122373677 (0%)
QOS inbound pkts/Total pkts : 0/122373677 (0%)
QOS outbound pkts/Total pkts : 0/122373677 (0%)
Corrected pkts/Total pkts : 0/122373677 (0%)

 

 

 

0 Kudos
3 Replies
_Val_
Admin
Admin

Templates are disabled by using the StormCenter feature in IPS. You need to review your policy and see if you can live without DShield StormCenter enabled.

If you need an official answer about this, please open a TAC ticket through https://help.checkpoint.com

Timothy_Hall
Legend Legend
Legend

The legacy DShield Dynamic Object has been replaced (and significantly enhanced) by the newer Custom Intelligence Feeds which is SecureXL-friendly and described here:

sk132193: What is the "Custom Intelligence Feeds" feature?

Some of the more popular block lists (and not just DShield) were rolled up by some community tools described here:

Dynamic Block Lists for Check Point firewalls

http://opendbl.net/#checkpoint.html

Keep in mind that all DShield disabling templating does is keep Accept templates from being formed, which are essentially cached rule base lookups; it has no effect on whether traffic is able to go slowpath/fastpath/medium path through the firewall.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
the_rock
Legend
Legend

Just curious, is below on or off?

Andy

 

Screenshot_1.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events