mickkel2179
Contributor

SecureXL and SSH

We migrated to a pair of 16Ks running VSX. When we created the new VS and launched it successfully, everything works fine except for one issue: a user can't SSH to his server when SecureXL is enabled. When it's disabled (fwaccel off) it works and they can SSH. MTU is currently set to 1500.

6 Replies
AaronCP
Advisor

Hey @mickkel2179,

You can bypass SecureXL for specific connections or ports by following SK104468.

I know this doesn't address the underlying issue, but may act as a temporary workaround whilst you troubleshoot the problem.

mickkel2179
Contributor

Hey Aaron,

Thanks for the response, really appreciate it! The client has too many IPs to list in order to use this feature. Right now we have a ticket in with R&D... let's see how that unravels.

the_rock
Legend

I agree with @AaronCP , but as you said, if there are too many IP addresses, then see what R&D says.

Chris_Atkinson
Employee

Which version & JHF is used?

If disabling SecureXL resolves a symptom it's typically a bug and needs to be investigated with TAC.

CCSM R77/R80/ELITE
mickkel2179
Contributor

Hey Chris,

 The client is on 81.10 335 build and JHF Take 66

PhoneBoy
Admin

You can disable SecureXL (or more accurately prevent templating) for a specific service.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
Specifically, you'll add the SSH port (22) to the tcp_f2f_ports table. 

However, as stated by others on this thread, if disabling SecureXL "solves" a problem, it's likely a bug and the TAC should be engaged.
