Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
JDCasCruz
Contributor
Jump to solution

Fast Accel is not working in QS 1800

Hello team,

We are trying to use the Secure XL Fast Accel feature on our 1800 Gateways. For this we followed sk156672, enabled the feature and created a general rule to speed up user traffic to the proxy, installed the policies and nothing happened with the hit count after a few days (attached image).

Can someone help us to know what is wrong?

We're wotking with a Cluster XL with two 1800 in high availability, the OS version is R81.10.10 945. We work only with the FW blade.

Quantum Spark (SMB) 

Regards.

0 Kudos
1 Solution

Accepted Solutions
Amir_Ayalon
Employee
Employee

Hi Guys

Fast Accel suppose to be supported on Spark.

See screenshot for configuration on locally managed.

on centrally managed it is also suppose to work. if it doesn't please open a Task and we will look into it

thanks

 

 

 

View solution in original post

0 Kudos
10 Replies
G_W_Albrecht
Legend Legend
Legend

Afaik this is not a GAiA Embedded feature, here we only have Smart Accel:

https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/Smar...

https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/Configuring-Smart-Accel-Sett...

...and only on locally managed SMBs. As sk156672 does not cover any SMB firmware versions, there is a reason to assume that.

 

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JDCasCruz
Contributor

This would be bad, but could it be confirmed somehow?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Look into https://sc1.checkpoint.com/documents/SMB_R81.10.X/CLI/EN/Content/Topics/Configuring-Smart-Accel-Sett... for configuration of Smart Accel.

And that is what it is - you can always open an informational SR# with CP TAC, if you need official confirmation, but:

- sk156672 only mentions GAiA systems, not GAiA Embedded

- Smart and Fast Accel on SMB would rather be a kind of overkill, a second Accel function does not make sense, especially on SMB....

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JDCasCruz
Contributor

Hello,

I did not remember to mention that the cluster is centrally managed and Smart Accel has this note:

Note - This setting only applies to locally managed devices.

So I'm stuck again. Are there any best practice guidelines for improving SMB performance?

Thanks in advance.

 

0 Kudos
Timothy_Hall
Legend Legend
Legend

Yep:

https://community.checkpoint.com/t5/SMB-Gateways-Spark/Brief-introduction-to-SMB-performance-tuning/...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
PhoneBoy
Admin
Admin

fast_accel can certainly be used to accelerate trusted flows (ensure it is processed in fastpath, not medium path).
It looks like you can manually tune the number of CoreXL instances: https://support.checkpoint.com/results/sk/sk174423 
If the issue with load is with SND processes, then reducing the number of CoreXL instances might help. 

Timothy_Hall
Legend Legend
Legend

Also bear in mind that if the traffic has to go F2F/slowpath for some reason, fast-accel will not work.  Only Medium Path (passive & active streaming) can be forced into the fastpath with fast-accel. On R81+ standard gateways you can use the command fw tab -u -t connections -z to see what connections are F2F/slowpath and the reason they are being handled there; not sure if this command works on SMB or what the equivalent command would be.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
JDCasCruz
Contributor

The command works, I am getting a quite reasonable output, where the connections from users to the proxy look like this:

localhost:
Dir Source IP SPort Destination IP DPort PR FW State
--- --------------- ----- --------------- ----- -- ---------------
1 userIP 55923 ProxyIP 8080 6 Link

And also by executing the command fwaccel conns I can see the connections from users to the proxy.

0 Kudos
PhoneBoy
Admin
Admin

The sk does not explicitly mention if fast_accel is supported on Quantum Spark or not.
@Amir_Ayalon ?

0 Kudos
Amir_Ayalon
Employee
Employee

Hi Guys

Fast Accel suppose to be supported on Spark.

See screenshot for configuration on locally managed.

on centrally managed it is also suppose to work. if it doesn't please open a Task and we will look into it

thanks

 

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events