This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhongNN
Contributor
‎2020-07-13 04:05 AM
Jump to solution

SecureXL: fwaccel stat command does not show which rule disabled SecureXL

Hi all

I run the fwaccel stat command but i do not see which rule disabled SecureXL

[Expert@DC-Outbound-Fw-02:0]# fwaccel stat
+-----------------------------------------------------------------------------+
|Id|Name |Status |Interfaces |Features |
+-----------------------------------------------------------------------------+
|0 |SND |enabled |eth1-01,eth1-02,eth1, |
| | | |eth2,eth8,Sync |Acceleration,Cryptography |
| | | | |Crypto: Tunnel,UDPEncap,MD5, |
| | | | |SHA1,NULL,3DES,DES,CAST, |
| | | | |CAST-40,AES-128,AES-256,ESP, |
| | | | |LinkSelection,DynamicVPN, |
| | | | |NatTraversal,AES-XCBC,SHA256 |
+-----------------------------------------------------------------------------+

Accept Templates : disabled by Firewall
Layer ---Drop Templates : enabled
NAT Templates : disabled by Firewall
Layer ---

I ran R80.30 version

Is it expected behavior ?

Thank you

Regards

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2020-07-13 07:21 AM
Jump to solution

This is a known issue, the name of your Network policy layer is too long.  If you shorten it to under 32 characters the fwaccel stat display should work properly again.

sk145533: "Layer ---" is displayed instead of specific layer name and rule number in output of 'fwac...

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm

View solution in original post

3 Replies
_Val_
Admin
Admin
‎2020-07-13 04:43 AM
Jump to solution

The normal output for R80.10 and up should look like this:

Accept Templates   : disabled by Firewall
                     Layer <Name_of_Layer> disables template offloads from rule #<N>
                     Throughput acceleration still enabled.

However, some features on FW can disable templating altogether, for example Network quota.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-07-13 07:21 AM
Jump to solution

This is a known issue, the name of your Network policy layer is too long.  If you shorten it to under 32 characters the fwaccel stat display should work properly again.

sk145533: "Layer ---" is displayed instead of specific layer name and rule number in output of 'fwac...

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
krit
Participant
‎2020-09-28 12:07 AM
In response to Timothy_Hall
Jump to solution

Dear Mr. Hall,

Thank you for this reply, it resolved the same issue I had.

Just to add that the initial policy name was 26 chars and I shortened it to 16 in order to be displayed properly ( R80.20 environment )

Best Regards,

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events