Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jonas_Meineke
Explorer

nac_max_enforced_identities parameter in fwkern.conf

Hi,

we've been having this parameter occuring for quite some time now, at first for 80.40 machines with Take ~ >100 and now also for 80.30 (atleast on Jumbo 236).

There is only one community post about it:
https://community.checkpoint.com/t5/Security-Gateways/fwkern-conf-modified-at-boot/td-p/115506

and also only one SK where it is mentioned at all (But it's referring to typos and syntax):
https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk173544

The default value seems to be 30k, which it is set to 90k automatically after rebooting the gateway.

The HCP on Jumbo 236 is not able to handle the parameter properly (ERROR: Parameter not supported or typo issue),
but as it is the only value in our fwkern.conf that shouldn't be too much of an issue:

#cat $FWDIR/boot/modules/fwkern.conf
nac_max_enforced_identities=90000

Should be some IA related value, but I don't think that this value will ever be relevant to our relatively small company.

Has any of you looked further into this and maybe knows what it does and why it is changed?
Maybe anyone did in fact open a TAC case for this and already got an explaining answer 😉


Best Regards,
Jonas

0 Kudos
3 Replies
This widget could not be displayed.