Create a Post
Showing results for 
Search instead for 
Did you mean: 

fwaccel dos config - Persist through reboot?

Hey guys,


I am working to enable Penalty Box on my perimeter gateways, and I'm having trouble finding information on how to make the fwaccel dos config commands persist through a reboot. I have followed sk112454 to modify $FWDIR/bin/fwaccel_dos_rate_install with the commands listed below, rebooted the gateway, and if I run a 'fwaccel dos config get', it still shows everything as disabled.




$FWDIR/bin/fwaccel dos config set --enable-pbox

$FWDIR/bin/fwaccel dos whitelist -B

$FWDIR/bin/fwaccel dos pbox whitelist -B

$FWDIR/bin/fwaccel dos config set --disable-internal

$FWDIR/bin/fwaccel dos config set --enable-log-pbox

$FWDIR/bin/fw samp get -l -k req_type -t in -v quota | $FWDIR/bin/fwaccel dos rate install

if [[ -e $FWDIR/bin/fwaccel6 ]]; then

  $FWDIR/bin/fwaccel6 dos whitelist -B

  $FWDIR/bin/fwaccel6 dos pbox whitelist -B

  $FWDIR/bin/fw samp get -l -k req_type -t in -v quota | $FWDIR/bin/fwaccel6 dos rate install




0 Kudos
4 Replies

In sk112454 - How to configure Rate Limiting rules for DoS Mitigation we read:

Except for rate limiting policy rules, configuration changes made using the "fwaccel dos" command are *not* automatically saved. To make the changes permanent, IPv4 commands can be added to the following shell script on the security gateway:


Likewise, IPv6 commands can be added to the following script:


This shell script is executed whenever IPv6 rate limiting policy is installed, including system startup.


  • For reliable execution at startup, hotfix PRHF-5797 is recommended.
  • The script must have executable permissions (chmod +x $FWDIR/conf/fwaccel_dos_rate_on_install).
  • fwaccel_dos_rate_on_install should contain only IPv4-related commands.
  • fwaccel6_dos_rate_on_install should contain only IPv6-related commands.
  • "fw samp" or "fwaccel dos rate" commands must never be added to this file (they are saved automatically regardless).

I tried what is mentioned in that SK and ran into the same issue where the settings didn't persist through a reboot. One thing I also noticed is that the SK mentioned has the file named as fwaccel_dos_rate_on_install, whereas the file on my gateway is named fwaccel_dos_rate_install. Not sure if that has anything to do with my settings reverting upon reboot.

0 Kudos

Hi all,


There is a typo in the SK:

It should be $FWDIR/conf/fwaccel_dos_rate_on_install.


We are working to fix the SK.


Thanks for the feedback.

0 Kudos

The SK updated.

0 Kudos