Working with Kernel Parameters on Security Gateway
Next Generation Security Gateway Guide R80.20 | 554
SecureXL Kernel Parameters
To change the internal default behavior of SecureXL or to configure special advanced settings for
SecureXL, you can use SecureXL kernel parameters.
The names of applicable SecureXL kernel parameters and their values appear in various SK
articles in Support Center http://supportcenter.checkpoint.com, and provided by Check Point
Support.
Important
• The names of SecureXL kernel parameters are case-sensitive.
• You
cannot
configure SecureXL kernel parameters on-the-fly with the fw ctl set command.
You must configure them only permanently in the special configuration file
($PPKDIR/conf/simkern.conf).
Schedule a maintenance window, because this procedure requires a reboot.
• For some SecureXL kernel parameters, you
cannot
get their current value on-the-fly with the
fw ctl get command (see sk43387
http://supportcontent.checkpoint.com/solutions?id=sk43387).
• In a Cluster, you must always configure all the Cluster Members in the same way.
Examples of SecureXL kernel parameters
Integer
num_of_sxl_devices
sim_ipsec_dont_fragment
tcp_always_keepalive
sim_log_all_frags
simple_debug_filter_dport_1
simple_debug_filter_proto_1
String
simple_debug_filter_addr_1
simple_debug_filter_daddr_2
simlinux_excluded_ifs_list
To see the list of the available SecureXL
integer
kernel parameters and their values on
your Security Gateway:
1 Connect to the command line on your Security Gateway.
2 Log in to the Expert mode.
3 Get the list of the available integer kernel parameters and their values:
[Expert@MyGW:0]# modinfo -p $PPKDIR/boot/modules/sim_kern*.o | sort
-u | grep _type | awk 'BEGIN {FS=":"} ; {print $1}' | xargs -
ctl get int 1>> /var/log/sxl_integer_kernel_parameters.txt 2>>
/var/log/sxl_integer_kernel_parameters.txt
4 Analyze the output file:
/var/log/sxl_integer_kernel_parameters.txt
To Next Page
Loading...
