Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Mentor
Mentor

VSX not in USFW ?

We did some troubleshooting regarding a problem and detect that we have definite Output of 'fw ctl affinity' does not show FWK affinity to CPU core after upgrade of R80.30 Security ...

cpprod_util FwIsUSFW shows „0“

Some virtual switches, firewalls and a virtual router are running, looks like no problem at the moment. To change this a reboot will be need and we are waiting for a maintenance schedule. 
Please can someone explain if we run in a problem with USFW disabled?

15600 appliance running R80.40 VSX HA

0 Kudos
2 Replies
Chris_Atkinson
Employee
Employee

15600 generally wouldn't have USFW enabled by default, also it's unlikely that you were previously using the 3.10 kernel version of R80.30. With that said VSs are already user mode processes...

What could be made clearer is the interaction between VSX & USFW on such appliance models. Will submit feedback on sk167052 accordingly. 

0 Kudos
shais
Employee
Employee

Hi,

While VSX indeed utilizes USFW infra, it's not registered as USFW.

The registry helps us understand in what mode the setup is - Kernel mode / User mode / VSX
As VSX contains more than the regular USFW, we identify it by using a specific registry and not the User Mode.

This is valid and you should not change the registry unless you are removing VSX and changing to User Space FireWall mode