Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Roshan_Sinha
Explorer

Fast accel to be enable in Cluster Gateway

Hi Team,

need your suggestion if we need to enable Fast acceleration rule in Cluster firewall, do i have to enable the same on each firewall manually or if i enable it in Active, it will be replicated in Standby automatically.

 

 

0 Kudos
3 Replies
RamGuy239
Advisor

You should read sk156672. Fast acceleration requires R80.20+ (new SecureXL) and on a firewall cluster, you need to replicate the rules on all cluster members as it's a per gateway configuration.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

(8) Example Usage:
fw ctl fast_accel add 1.1.1.1 2.2.2.0/24 80 6
fw ctl fast_accel delete 192.168.0.0/16 any 8080 17
fw ctl fast_accel add 255.168.240.0/20 255.0.0.0/8 1503 any
fw ctl fast_accel show_table
fw ctl fast_accel enable
fw ctl fast_accel disable


And remember that policy needs to be pushed after the rules have been added for them to take effect. And it will only affect new connections, existing connections will not be re-matched towards fast acceleration rules.

Roshan_Sinha
Explorer

Thank you very much for quick reply and sharing the information. 

0 Kudos
Timothy_Hall
Champion
Champion

Great rundown of the fast_accel feature.  One thing to add is if the traffic cannot be accelerated at all and must go slowpath/F2F (and possibly CPASXL path), the fast_accel will have no effect on the acceleration of the matched traffic. 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos