This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hermano_Pereira
Participant
‎2018-01-14 11:12 AM
Jump to solution

AES-NI

Hello,

Anyone knows how to check in GAIA if AES-NI is enabled on supported appliances and open-servers?

The flag is not present in cpuinfo...

Thanks!

0 Kudos
1 Solution

Accepted Solutions
Matthew_Johnson
Employee
Employee
‎2019-02-21 04:37 AM
Jump to solution

run dmesg and grep for aes-ni

VPN-1: AES-NI is supported on this hardware

View solution in original post

0 Kudos
6 Replies
Pablo_Barriga
Advisor
‎2018-01-14 05:28 PM
Jump to solution

Hello this could be helpful

Check Point supports AES-NI on the following appliances (only when running Gaia OS with 64-bit kernel):

ApplianceStarting in
3100 / 3200R77.30 for 3000
5600 / 5800R77.30 for 5000
12400 / 12600R76
13500 / 13800R76
15400 / 15600R77.30 for 15000
21400 / 21600 / 21700 / 21800R76
23500 / 23800R77.30 for 23000
41000 / 61000R76SP
44000 / 64000R76SP.50

On these appliances, AES-NI is enabled by default. AES-NI is also supported on Open Servers. Make sure that Gaia OS is running in 64-bit mode.

Official Document 

sk105119

Hermano_Pereira
Participant
‎2018-01-15 02:25 AM
In response to Pablo_Barriga
Jump to solution

Thank you Pablo!

It´s because of that information that i´m wondering how to check in GAIA if it is really enabled...

In a regular linux, cat /proc/cpuinfo shows if the instruction is present with the flag "aes"...

My gateways are running R80.10 on AES-NI supported appliances and open-servers.

Thanks!

0 Kudos
Matthew_Johnson
Employee
Employee
‎2019-02-21 04:37 AM
Jump to solution

run dmesg and grep for aes-ni

VPN-1: AES-NI is supported on this hardware

0 Kudos
Hermano_Pereira
Participant
‎2019-02-22 10:41 AM
In response to Matthew_Johnson
Jump to solution

Thank you Matthew!

I get the output in appliances! Not on open-servers... I wonder why!? On the same machines with regular linux the instruction is there.

Regards

0 Kudos
Timothy_Hall
Champion Champion
Champion
‎2021-02-12 05:44 AM
In response to Matthew_Johnson
Jump to solution

The dmesg method of detecting AES-NI support stopped working in R80.40, although the firewall code is still actively taking advantage of AES-NI.  See sk170779: AES-NI commands no longer work in R80.40

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Timothy_Hall
Champion Champion
Champion
‎2021-06-11 07:41 AM
In response to Timothy_Hall
Jump to solution

To update this old thread for posterity, the fw ctl get int AESNI_is_supported command can be used in R80.40 Jumbo HFA 100+ and R81 Jumbo HFA 13+ to check for the presence of AES-NI support.  See sk170799 which as been updated recently.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events