CP-NDA
Collaborator

SecureXL - No accelerated connections

Hi,

 

We are facing an issue with SecureXL.

First of all, the output of fwaccel stat was indicating that Accept Templates were disabled by Firewall. After investigation we found that the QoS module was active in the Package but the blade was disabled on the Gateway. It seems that disabling QoS from the package improved the situation, as here is the output now:

 

# fwaccel stat
+---------------------------------------------------------------------------------+
|Id|Name |Status |Interfaces |Features |
+---------------------------------------------------------------------------------+
|0 |SND |enabled |eth1,eth1-01,eth1-02, |Acceleration,Cryptography |
| | | |Sync,eth1-03 | |
| | | | |Crypto: Tunnel,UDPEncap,MD5, |
| | | | |SHA1,3DES,DES,AES-128,AES-256,|
| | | | |ESP,LinkSelection,DynamicVPN, |
| | | | |NatTraversal,AES-XCBC,SHA256, |
| | | | |SHA384,SHA512 |
+---------------------------------------------------------------------------------+

Accept Templates : enabled
Drop Templates : enabled
NAT Templates : enabled

# fwaccel stats -s
Accelerated conns/Total conns : 66/29137 (0%)
Accelerated pkts/Total pkts : 68884176/69598302 (98%)
F2Fed pkts/Total pkts : 714126/69598302 (1%)
F2V pkts/Total pkts : 476266/69598302 (0%)
CPASXL pkts/Total pkts : 817/69598302 (0%)
PSLXL pkts/Total pkts : 68672216/69598302 (98%)
CPAS pipeline pkts/Total pkts : 0/69598302 (0%)
PSL pipeline pkts/Total pkts : 0/69598302 (0%)
CPAS inline pkts/Total pkts : 0/69598302 (0%)
PSL inline pkts/Total pkts : 0/69598302 (0%)
QOS inbound pkts/Total pkts : 0/69598302 (0%)
QOS outbound pkts/Total pkts : 0/69598302 (0%)
Corrected pkts/Total pkts : 0/69598302 (0%)

 

As you can see, accelerated packets are fine but accelerated conns remain at 0%.

What could be the reason for this poor acceleration rate?

Already involved TAC & followed this SK https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Thank you for your help!

0 Kudos
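
The symptom described in the post above (packets mostly accelerated while connections are not) can be checked automatically from `fwaccel stats -s` output. The following is an added example, not part of the original post or of Check Point tooling; the function names and both thresholds are assumptions.

```python
import re

# Excerpt of the `fwaccel stats -s` output quoted in the post above.
SAMPLE = """\
# fwaccel stats -s
Accelerated conns/Total conns : 66/29137 (0%)
Accelerated pkts/Total pkts : 68884176/69598302 (98%)
F2Fed pkts/Total pkts : 714126/69598302 (1%)
PSLXL pkts/Total pkts : 68672216/69598302 (98%)
"""

# "<counter>/Total conns|pkts : <count>/<total> (<pct>%)"
LINE_RE = re.compile(
    r"^\s*(?P<name>.+?)/Total (?:conns|pkts)\s*:\s*(?P<count>\d+)/(?P<total>\d+)\s*\(\d+%\)\s*$"
)


def parse_stats(text):
    """Map each counter name to (count, total, ratio); non-counter lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        count, total = int(m["count"]), int(m["total"])
        # Guard against a zero total (for example, counters that were just reset).
        stats[m["name"]] = (count, total, count / total if total else 0.0)
    return stats


def conn_pkt_mismatch(stats, max_conn_ratio=0.10, min_pkt_ratio=0.90):
    """True when packets are mostly accelerated but connections are not.

    Both thresholds are assumptions chosen for this example, not vendor guidance.
    """
    conns = stats.get("Accelerated conns")
    pkts = stats.get("Accelerated pkts")
    if conns is None or pkts is None:
        raise ValueError("summary lacks the Accelerated conns/pkts counters")
    return conns[2] < max_conn_ratio and pkts[2] >= min_pkt_ratio


if __name__ == "__main__":
    stats = parse_stats(SAMPLE)
    for name, (count, total, ratio) in stats.items():
        print(f"{name:20} {count:>10}/{total:<10} {ratio:6.2%}")
    print("conn/pkt mismatch:", conn_pkt_mismatch(stats))
```

The rounded percentages printed by the gateway hide the exact ratio (66/29137 shows as 0%), which is why the parser recomputes it from the raw counts.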
30 Replies
nickdegroot
Participant

We are facing the same issue. We have several R81 JHF 58 clusters. They do indeed use the same policy and we have some inline layers inside that policy. We do also use Application Control in the unified policy, and also use Application Control objects within the inline layer.

On one cluster we have created a duplicate policy which did not contain inline layers, and after a testing period we have noticed that the CPU load was way lower than it was before when it used the inline layers policy.

 

Is this issue still there in R81.10 or higher?

0 Kudos
