SecureXL configuration mismatch across cluster members for Check Point

Vendor

Check Point

Description

Indeni will identify when two devices are part of a cluster and alert if the SecureXL settings are different for different VS's.

Remediation Steps

Compare the output of "fwaccel stat" across members of the cluster, make sure to run the command in the correct vsenv context.

How does this work?

By using the Check Point built-in "fwaccel stat" command, the current status of SecureXL is retrieved.

Why is this important?

SecureXL is used to accelerate traffic. If it is disabled it could result in a reduction in the amount of throughput the device can handle. If used in a clustered environment, the user must ensure all members of the cluster have the same setting.

Without Indeni how would you find this?

An administrator could login and manually run the command.

View Source Code
single