This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rahul_Borah
Contributor
‎2022-03-05 05:07 AM

Traffic not accelerated by Secure XL-0%

 

Hi mates,

I am facing an issue with secure XL. Traffics not accelerated by Secure XL. F2Fed is 99%

Kindly suggest. Screenshot attached.

Version: R81

Blade: IPS and FW

Rule:350

RAM: 8 GB (85% used)

 

Regards,

RB

 

 

Preview file
66 KB
0 Kudos
5 Replies
Chris_Atkinson
Employee
Employee
‎2022-03-05 05:15 AM

Is the WAN connection PPPoE?

Or are you using any of the following IPS protections:

* When IPS protection "SYN Attack" ("SYNDefender") is activated in SmartDefense / IPS.

* When IPS protection "Small PMTU" is activated in SmartDefense / IPS.

* When IPS protection "Network Quota" is activated in SmartDefense / IPS (refer to sk31630).

* When IPS protection "Malicious IPs" (DShield.org Storm Center) is activated in SmartDefense / IPS (because it uses Dynamic Objects).

Please also share the following output to start:

[Expert@MyGW:0]# fwaccel stat

0 Kudos
Rahul_Borah
Contributor
‎2022-03-05 06:43 AM
In response to Chris_Atkinson

Hi Chris,

Please find the details...

* Is the WAN connection PPPoE? NO

* When IPS protection "SYN Attack" ("SYNDefender") is activated in SmartDefense / IPS. Enabled

* When IPS protection "Small PMTU" is activated in SmartDefense / IPS. Inactive

* When IPS protection "Network Quota" is activated in SmartDefense / IPS (refer to sk31630). Inactive

* When IPS protection "Malicious IPs" (DShield.org Storm Center) is activated in SmartDefense / IPS (because it uses Dynamic Objects). Inactive

Screenshot attached...

 

Preview file
55 KB
0 Kudos
Timothy_Hall
Champion
Champion
‎2022-03-05 06:51 AM
In response to Rahul_Borah

The only red flag is SYNDefender being enabled, but that functionality was added into SecureXL in R80.20 and should not be the cause of high F2F.  sk120476: Important changes in IPS "SYN Attack" (SYN Defender) protection

Was the fwaccel stats -s command run on the standby member of a cluster?  If so high F2F is expected.

Please provide the output of enabled_blades and the Super Seven commands for further diagnosis:

https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Rahul_Borah
Contributor
‎2022-03-05 07:00 AM
In response to Timothy_Hall

Hi,


Please find the details...

Was the fwaccel stats -s command run on the standby member of a cluster? If so high F2F is expected.
A- Yes, F2F is 99%

Please provide the output of enabled_blades and the Super Seven commands for further diagnosis:
A- Only FW and IPS blads are enable

0 Kudos
Chris_Atkinson
Employee
Employee
‎2022-03-05 07:10 AM
In response to Rahul_Borah

This is expected on the standby member.

Review the stats on the active member instead.

0 Kudos