Hi,
We've been having this parameter occurring for quite some time now, at first for 80.40 machines with Take ~ >100 and now also for 80.30 (at least on Jumbo 236).
There is only one community post about it:
https://community.checkpoint.com/t5/Security-Gateways/fwkern-conf-modified-at-boot/td-p/115506
and also only one SK where it is mentioned at all (But it's referring to typos and syntax):
https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk173544
The default value seems to be 30k, which is set to 90k automatically after rebooting the gateway.
The HCP on Jumbo 236 is not able to handle the parameter properly (ERROR: Parameter not supported or typo issue),
but as it is the only value in our fwkern.conf that shouldn't be too much of an issue:
#cat $FWDIR/boot/modules/fwkern.conf
nac_max_enforced_identities=90000
Should be some IA related value, but I don't think that this value will ever be relevant to our relatively small company.
Has any of you looked further into this and maybe knows what it does and why it is changed?
Maybe someone did in fact open a TAC case for this and already got an explanatory answer 😉
Best Regards,
Jonas
The parameter is related to global kernel tables infrastructure and not Identity Awareness. It is indeed set automatically during the boot sequence, and the correct value is 90000. If you have any issue with that, please open a TAC case; otherwise, please leave it as is.
Hi Val,
That's good to know at least; we didn't plan to remove it (as I think it will be reset again anyway), since we didn't face any issues.
We just wanted to know where it comes from and what it in fact does, or rather, why it should be relevant to us, as there is no explanation about this parameter anywhere on the usual Check Point sites.
Kinda strange to me that it is written to the fwkern.conf during reboot, instead of changing the default value directly.
I just gave you one, didn’t I? It is a parameter related to new global kernel tables architecture. This is all you need to know. 🙂