Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ray_Lal
Participant

Missing fwkern.conf. What environment variables are currently running?

Hi all,

I have a customer who's running R77.20 for their G/W's and Logs, and 77.30 for their CMA.

I am upgrading their gateways and logs to R77.30, however the one concern I have is that since they dont have any fwkern.conf files, whatever environment variables they have running will not survive a reboot.

Is there any magic command I can run to do this?

I will be taking a snapshot, but small niggly things could cause alot of headaches weeks down the line.

Thanks.

2 Replies
AlekseiShelepov
Advisor

It is a normal situation - to not have fwkern.conf file. Usually administrators creates this file himself, for these additional kernel settings to survive a reboot, when they are required for sure. If there is no fwkern.conf file and admin doesn't know about any additional parameters, I would assume that they are not needed in this case. Because even in case of power outage they need to somehow restore these parameters.

And did they never reboot their gateways? It is not a good practice for Check Point gateways.

I think this is what you need, but I never used it myself in practice:

Creating a file with all the kernel parameters and their values 

If the solution above is not working, or you want to make sure and verify, you can get a parameter value with fw ctl get int <parameter> command. But for that you need to know the exact name of a parameter. So you can try to find out if some of oftenly used parameters are changed, for example:

fw ctl get int fwha_mac_magic
fw ctl get int fwha_mac_forward_magic

fw ctl get int fwha_forw_packet_to_not_active

Here is a list of some other parameters - Kernel Global Parameters 

And you can try to find some other ones on Support Center in different sk by searching "kernel parameters":

Dynamic NAT port allocation feature 

ClusterXL - CCP packets and fwha_timer_cpha_res kernel parameter 

Ray_Lal
Participant

Thanks for that Aleksei. Some of their gateways have been up for over 900 days, where as the rest have an up-time of between 3-350 days.

Looking at their As-Builds, it doesn't state any such config, however the As-Builds are incorrect, as I've come to learn myself.

Think I'll just bite the bullet then and carry on and list that as a caveat in my documentation.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events