This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rahul_Borah
Contributor
‎2022-03-05 05:07 AM

Traffic not accelerated by Secure XL-0%

 

Hi mates,

I am facing an issue with secure XL. Traffics not accelerated by Secure XL. F2Fed is 99%

Kindly suggest. Screenshot attached.

Version: R81

Blade: IPS and FW

Rule:350

RAM: 8 GB (85% used)

 

Regards,

RB

 

 

Preview file
66 KB
0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-03-05 05:15 AM

Is the WAN connection PPPoE?

Or are you using any of the following IPS protections:

* When IPS protection "SYN Attack" ("SYNDefender") is activated in SmartDefense / IPS.

* When IPS protection "Small PMTU" is activated in SmartDefense / IPS.

* When IPS protection "Network Quota" is activated in SmartDefense / IPS (refer to sk31630).

* When IPS protection "Malicious IPs" (DShield.org Storm Center) is activated in SmartDefense / IPS (because it uses Dynamic Objects).

Please also share the following output to start:

[Expert@MyGW:0]# fwaccel stat

CCSM R77/R80/ELITE
0 Kudos
Rahul_Borah
Contributor
‎2022-03-05 06:43 AM
In response to Chris_Atkinson

Hi Chris,

Please find the details...

* Is the WAN connection PPPoE? NO

* When IPS protection "SYN Attack" ("SYNDefender") is activated in SmartDefense / IPS. Enabled

* When IPS protection "Small PMTU" is activated in SmartDefense / IPS. Inactive

* When IPS protection "Network Quota" is activated in SmartDefense / IPS (refer to sk31630). Inactive

* When IPS protection "Malicious IPs" (DShield.org Storm Center) is activated in SmartDefense / IPS (because it uses Dynamic Objects). Inactive

Screenshot attached...

 

Preview file
55 KB
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2022-03-05 06:51 AM
In response to Rahul_Borah

The only red flag is SYNDefender being enabled, but that functionality was added into SecureXL in R80.20 and should not be the cause of high F2F.  sk120476: Important changes in IPS "SYN Attack" (SYN Defender) protection

Was the fwaccel stats -s command run on the standby member of a cluster?  If so high F2F is expected.

Please provide the output of enabled_blades and the Super Seven commands for further diagnosis:

https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Rahul_Borah
Contributor
‎2022-03-05 07:00 AM
In response to Timothy_Hall

Hi,


Please find the details...

Was the fwaccel stats -s command run on the standby member of a cluster? If so high F2F is expected.
A- Yes, F2F is 99%

Please provide the output of enabled_blades and the Super Seven commands for further diagnosis:
A- Only FW and IPS blads are enable

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-03-05 07:10 AM
In response to Rahul_Borah

This is expected on the standby member.

Review the stats on the active member instead.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events