This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ven
Participant
‎2023-07-11 02:28 AM

Accept Templates : disabled by Firewall- Template offloads disabled by IPS protect

Hi Experts, 

While checking the Acceleration templates status I see that the templates are disabled by firewall.  How to enable the templates again  ? 

Enabled_blades :  fw av ips anti_bot mon 

This is Check Point's software version R81.10 - Build 035
kernel: R81.10 - Build 036

+---------------------------------------------------------------------------------+
|Id|Name |Status |Interfaces |Features |
+---------------------------------------------------------------------------------+
|0 |KPPAK |enabled |Mgmt,Sync,eth4-01, |Acceleration,Cryptography |
| | | |eth2-02,eth2-04,eth4-02, | |
| | | |eth4-03 |Crypto: Tunnel,UDPEncap,MD5, |
| | | | |SHA1,3DES,DES,AES-128,AES-256,|
| | | | |ESP,LinkSelection,DynamicVPN, |
| | | | |NatTraversal,AES-XCBC,SHA256, |
| | | | |SHA384,SHA512 |
+---------------------------------------------------------------------------------+

Accept Templates : disabled by Firewall
Template offloads disabled by IPS protections: storm center
Drop Templates : enabled
NAT Templates : disabled by Firewall
Template offloads disabled by IPS protections: storm center
LightSpeed Accel : disabled

Accelerated conns/Total conns : 197/284 (69%)
LightSpeed conns/Total conns : 0/284 (0%)
Accelerated pkts/Total pkts : 104951089/122373677 (85%)
LightSpeed pkts/Total pkts : 0/122373677 (0%)
F2Fed pkts/Total pkts : 17422588/122373677 (14%)
F2V pkts/Total pkts : 1039356/122373677 (0%)
CPASXL pkts/Total pkts : 0/122373677 (0%)
PSLXL pkts/Total pkts : 76385911/122373677 (62%)
CPAS pipeline pkts/Total pkts : 0/122373677 (0%)
PSL pipeline pkts/Total pkts : 0/122373677 (0%)
CPAS inline pkts/Total pkts : 0/122373677 (0%)
PSL inline pkts/Total pkts : 0/122373677 (0%)
QOS inbound pkts/Total pkts : 0/122373677 (0%)
QOS outbound pkts/Total pkts : 0/122373677 (0%)
Corrected pkts/Total pkts : 0/122373677 (0%)

 

 

 

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2023-07-11 04:30 AM

Templates are disabled by using the StormCenter feature in IPS. You need to review your policy and see if you can live without DShield StormCenter enabled.

If you need an official answer about this, please open a TAC ticket through https://help.checkpoint.com

Timothy_Hall
Legend Legend
Legend
‎2023-07-11 05:33 AM

The legacy DShield Dynamic Object has been replaced (and significantly enhanced) by the newer Custom Intelligence Feeds which is SecureXL-friendly and described here:

sk132193: What is the "Custom Intelligence Feeds" feature?

Some of the more popular block lists (and not just DShield) were rolled up by some community tools described here:

Dynamic Block Lists for Check Point firewalls

http://opendbl.net/#checkpoint.html

Keep in mind that all DShield disabling templating does is keep Accept templates from being formed, which are essentially cached rule base lookups; it has no effect on whether traffic is able to go slowpath/fastpath/medium path through the firewall.

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
the_rock
Legend
Legend
‎2023-07-11 06:17 AM

Just curious, is below on or off?

Andy

 

Screenshot_1.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top