Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rahul_Borah
Contributor

Traffic not accelerated by Secure XL-0%

 

Hi mates,

I am facing an issue with secure XL. Traffics not accelerated by Secure XL. F2Fed is 99%

Kindly suggest. Screenshot attached.

Version: R81

Blade: IPS and FW

Rule:350

RAM: 8 GB (85% used)

 

Regards,

RB

 

 

0 Kudos
5 Replies
Chris_Atkinson
Employee
Employee

Is the WAN connection PPPoE?

Or are you using any of the following IPS protections:

* When IPS protection "SYN Attack" ("SYNDefender") is activated in SmartDefense / IPS.

* When IPS protection "Small PMTU" is activated in SmartDefense / IPS.

* When IPS protection "Network Quota" is activated in SmartDefense / IPS (refer to sk31630).

* When IPS protection "Malicious IPs" (DShield.org Storm Center) is activated in SmartDefense / IPS (because it uses Dynamic Objects).

Please also share the following output to start:

[Expert@MyGW:0]# fwaccel stat

0 Kudos
Rahul_Borah
Contributor

Hi Chris,

Please find the details...

* Is the WAN connection PPPoE? NO

* When IPS protection "SYN Attack" ("SYNDefender") is activated in SmartDefense / IPS. Enabled

* When IPS protection "Small PMTU" is activated in SmartDefense / IPS. Inactive

* When IPS protection "Network Quota" is activated in SmartDefense / IPS (refer to sk31630). Inactive

* When IPS protection "Malicious IPs" (DShield.org Storm Center) is activated in SmartDefense / IPS (because it uses Dynamic Objects). Inactive

Screenshot attached...

 

0 Kudos
Timothy_Hall
Champion
Champion

The only red flag is SYNDefender being enabled, but that functionality was added into SecureXL in R80.20 and should not be the cause of high F2F.  sk120476: Important changes in IPS "SYN Attack" (SYN Defender) protection

Was the fwaccel stats -s command run on the standby member of a cluster?  If so high F2F is expected.

Please provide the output of enabled_blades and the Super Seven commands for further diagnosis:

https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Rahul_Borah
Contributor

Hi,


Please find the details...

Was the fwaccel stats -s command run on the standby member of a cluster? If so high F2F is expected.
A- Yes, F2F is 99%

Please provide the output of enabled_blades and the Super Seven commands for further diagnosis:
A- Only FW and IPS blads are enable

0 Kudos
Chris_Atkinson
Employee
Employee

This is expected on the standby member.

Review the stats on the active member instead.

0 Kudos