Heiko Ankenbrand

New SecureXL path in R80.20 (CPASXL)

Discussion created by Heiko Ankenbrand Champion on Sep 27, 2018
Latest reply on Jan 8, 2019 by Valeri Loukine

What I have noticed more and more in recent years is CPAS (Check Point Active Streaming). With increased HTTPS, the firewall workers are more and more stressed if HTTPS inspection is enabled. Now CPAS also uses the SecureXL path in R80.20. CPAS works through the F2F path in R80.10 and R77.30. Now CPASXL is offered in the SecureXL path in R80.20. This should lead to higher performance. "fwaccel stats -s" shows the new path in R80.20. I think PXL was renamed to PSLXL. From my point of view, this is the politically correct, better term.


Check Point Active Streaming allows the changing of data and plays the role of a “man in the middle”. Several protocols use CPAS, for example: Client Authentication, VoIP (SIP, Skinny/SCCP, H.323, etc.), the Data Leak Prevention (DLP) blade, Security Servers processes, etc. I think it's not to be underestimated in tuning.


# fwaccel stats -s


We have already discussed this here with Timothy Hall: Security Gateway Performance Optimization Excerpt.


Maybe Check Point can give us more information here.


I have adapted CPASXL and PSLXL to the following articles:

R80.x Security Gateway Architecture (Logical Packet Flow) 

R80.x Security Gateway Architecture (Content Inspection)