fw_accel selectively working

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

I am running into an issue where the fw_accel rules are not catching a particular elephant flow.

I am running Gaia 80.30 take 200 on Checkpoint 12600 appliances.

I have used the fw_accel rules to accelerate certain elephant flows that i have identified. However, one particular flow, or more accurately, one source address and destination port pair doesn't get accelerated even though the rules are in place.

Has anyone had an issue where ssh on standard port 22 does not get captured properly by fw_accel rules?

I have other flows being captured and accelerated properly, so i know that the fw_accel service is running and the rule syntax is correct. I have tried a very specific rule with both source and destination configured with /32 masks and i have tried more general masks to try to capture the traffic, however the hit count continuously shows zero and the flows continue to show up in the output of "fw ctl multik print_heavy_conn"

I am starting to think it might just be an issue with ssh?