How to permanently disable SecureXL for a specific VS

book

Article ID: 168083

calendar_today

Updated On:

Products

XOS

Issue/Introduction

Instructions how to permanently disable SecureXL for a specific VSX Virtual System on Crossbeam X-series.

Occasionally SecureXL must be disabled for a specific VS on Check Point VSX. This article shows how to modify the VSX startup script so that SecureXL is disabled after a VSX restart, and the action is reported properly in syslog.

Cause

Check Point Knowledgebase article sk31933 provides a procedure to enable SecureXL acceleration for a specific VS by adding the fwaccel command in $FWDIR/bin/fwstart_vsx.

This solution is applicable on the Crossbeam platform but a minor modification is required. The Crossbeam X-Series platform implements a centralized log on the CPM. It is recommended to use a logger rather that to echo directly into a file on the VAP. The logger sends the log message via syslog to the CPM where it is saved in /var/log/messages.

Resolution

The following code disables acceleration on VS 2 and reports the action via syslog:

###

fwaccel -vs 2 off

logger -t fwstart_vsx "SecureXL has been turned off for VS_ID 2"

exit

###

Workaround

N/A