So I appreciate this is an edge case, but a feature of Gaia is hampered by the standard configuration in R80.20.
I have a SIT tunnel in partnership with the HE tunnel provider, for a routed IPv6 subnet. As with R80.20 you cannot permanently disable SecureXL, yet SecureXL does not work with a SIT tunnel configured on the device.
I have to manually disable SecureXL for IPv6 each time the system reboots.
I wanted to know if this is something other people have had an issue with and if Check Point are aware of issues with SIT tunnels + SecureXL in R80.20. I've traditionally always had to disable SecureXL to get this to work.
I've tried adding a crontab that disables SecureXL at reboot "@reboot /opt/CPsuite-R80.20/fw1/bin/fwaccel6 off > /dev/null 2>&1" but this doesn't seem to work.
Afaik SecureXL can be permanently disabled through the CPconfig utility. See sk41397 How to enable/disable Check Point SecureXL via CLI.
Can't be permanently disabled on R80.20, sadly; no option in cpconfig.
You could try something: On boot, the bash script $FWDIR/bin/fwstart is called. Here we find the line:

```
$CPDIR/bin/cpprod_util FwSetSecureXL 1
```

If you do

```
[Expert@Hostname]# cp $FWDIR/bin/fwstart $FWDIR/bin/fwstart_ORIGINAL
```

and change that to

```
$CPDIR/bin/cpprod_util FwSetSecureXL 0
```

in $FWDIR/bin/fwstart, it is set to off instead...
I shall give that a try, thank you!
So I gave that a try. It seemed to break a lot of things..
It looked like it didn't load the driver at all, and I can only guess that R80.20 relies on it more so than before - no network traffic passing through the box. Had to revert back for the moment - good shout though.
Yes, and we both are thoroughly convinced that it is not supported 😉
I'd thought as much, making these sorts of changes - It's not for a critical environment so I'm happy to do things like this, as remembering to flip SXL off each time at boot is more of a pain.
More of a moan towards CP for having conflicting features!
Oh my lord - this is available in a much, much easier way !
- open GAiA WebGUI
- go to System Management > Job Scheduler
- click Scheduled Jobs > Add
- you already do know which Command to Run 😉
- select "At startup"
- be Happy !
Yep that's what I've done!
Here's my script:
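```sh
#!/bin/sh
# Load the Check Point environment variables
source /etc/profile.d/CP.sh
# Switch SecureXL off for IPv4 (fwaccel) and IPv6 (fwaccel6), discarding output
/opt/CPsuite-R80.20/fw1/bin/fwaccel off > /dev/null 2>&1
/opt/CPsuite-R80.20/fw1/bin/fwaccel6 off > /dev/null 2>&1
exit
```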
Seems to work, SXL flipped back on again a while after but I think it's unrelated.. I swear the cron scheduler never used to provide the option of "At startup" although @reboot has been around since - forever..
Yes, I just did remember in the back of my mind something similar, had a look there and - emacs !
So you could mark mine as the correct answer !
Wow, I somewhat randomly came across this thread when searching to see if there was any way to allow SecureXL to run, but not actually do anything, as I would like to have the monitoring visibility of SNMP and Netflow but without the random network communication breakage that seems to result with it on when using NAT and routed vpnt to vpnt traffic (i.e. a WAN tier transport devices and even my client "VPN hub" tier devices). It's an unpleasant surprise to find that the option to turn off SecureXL is gone in R80.20 and up versions, but obviously much better than finding out as a surprise after upgrading to R80.20. Did you end up getting a satisfactory solution to this or am I staying on R80.10 for a number of my devices, also bad?
Any details as to how you resolved is appreciated, as well as how stable the solution appears to be.
FYI:
SecureXL has been significantly revised in R80.20. It now works in user space. This has also led to some changes in "fw monitor". The SecureXL driver takes a certain amount of kernel memory per core and that was adding up to more kernel memory than Intel/Linux was allowing.
More info here:
R80.x Security Gateway Architecture (Logical Packet Flow)
Tried this on an R80.30 box.
You need to allow adequate time between the cron job running and SXL SND coming up as the former comes before the latter during boot; adding a sleep achieves this (thanks Tyler).
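```sh
#!/bin/sh
# Give SecureXL (SND) time to come up before switching it off
sleep 60
# Load the Check Point environment variables
source /etc/profile.d/CP.sh
# Switch SecureXL off for IPv4 (fwaccel) and IPv6 (fwaccel6), discarding output
/opt/CPsuite-R80.30/fw1/bin/fwaccel off > /dev/null 2>&1
/opt/CPsuite-R80.30/fw1/bin/fwaccel6 off > /dev/null 2>&1
exit
```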
```sh
echo "fwaccel off" >> /etc/init.d/cpboot
```
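Added example, not part of any post above and not Check Point code: instead of the fixed `sleep 60` in the startup script, poll until SecureXL reports enabled, switch it off, confirm the result, and log it rather than discarding output. The function names, the log path and the assumed layout of the `stat` table are assumptions, and the sample row in the comment is constructed.

```shell
#!/bin/sh
# Added example (not from the thread, not Check Point code): poll until
# SecureXL reports enabled, switch it off, then confirm it is disabled.
# ASSUMPTION: "<cmd> stat" prints a table row like this constructed sample,
#   |0 |SND      |enabled    |eth0,eth1 |Acceleration |
# where the third column is the state. Check the output on your own gateway.

TRIES=${TRIES:-30}                  # polls before giving up
PAUSE=${PAUSE:-10}                  # seconds between polls
LOG=${LOG:-/var/log/sxl_off.log}    # hypothetical log path

# Print the state column of the first table row whose Id column is numeric.
sxl_state() {
    "$1" stat 2>/dev/null |
        awk -F'|' '$2 ~ /^[0-9]+ *$/ { gsub(/ /, "", $4); print $4; exit }'
}

# Wait for "enabled", run "<cmd> off", verify "disabled". Returns 0 on success.
sxl_disable() {
    cmd=$1 n=0
    while [ "$n" -lt "$TRIES" ]; do
        state=$(sxl_state "$cmd")
        case $state in
            enabled)
                "$cmd" off >>"$LOG" 2>&1 || true
                if [ "$(sxl_state "$cmd")" = disabled ]; then return 0; fi ;;
            disabled) return 0 ;;
        esac
        n=$((n + 1))
        sleep "$PAUSE"
    done
    echo "$(date) $cmd: state '$state' after $TRIES polls" >>"$LOG"
    return 1
}

# Act only when called with --run, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    . /etc/profile.d/CP.sh
    rc=0
    sxl_disable "$FWDIR/bin/fwaccel"  || rc=1
    sxl_disable "$FWDIR/bin/fwaccel6" || rc=1
    exit "$rc"
fi
```

Schedule it "At startup" with the `--run` argument; a non-zero exit or an entry in the log means SecureXL never reached the expected state within `TRIES × PAUSE` seconds.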