test in my lab R80.40
in cpconfig:
Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable cluster membership for this gateway
(7) Enable Check Point Per Virtual System State
(8) Enable Check Point ClusterXL for Bridge Active/Standby
(9) Check Point CoreXL
(10) Automatic start of Check Point Products
(11) Exit
fwaccel options:
off - disable acceleration (for new connections and tunnels)
on - enable acceleration (for new connections and tunnels)
fwaccel stat
status - enable
You can use fwaccel and it doesn't matter if SecureXL is enabled or not, so the more correct answer is "D".
I think it is C based on the CCSE Book page 407
Use fwaccel command to identify if acceleration is currently deployed for connections in your environment.
Dynamic objects are not dependent on SecureXL, so A is out.
I have SecureXL enabled, and I cannot see this option in CPconfig when I check my firewall.
fwaccel commands can be used regardless if you disable SecureXL or not.
From R80.20 you cannot permanently disable SecureXL, so I unfortunately cannot verify this on my R81.10 installation.
When having SecureXL enabled, I can still see all flows.
So I have no idea which is the correct answer here, all are wrong according to me.
Unless the question is based on R80.10, where you can permanently disable SecureXL.
We need to verify this in R80.10 I guess.
Tricky question... the question says "indicate", so I would go with D because it can indeed indicate SecureXL accelerated traffic (among other things). With the -e filter in fw monitor you would not see accelerated traffic, but with -F (on 80.20 and above) you would.
fwaccel can be used in any case, but fwaccel stat would say for sure if it is enabled or not.
So I would say D is right.
I would say D is the correct answer.
A and B have been proven wrong.
For C, the fwaccel command can be used in clish no matter whether it is on or off.
D is one of the possible issues when SecureXL is enabled.
I would like to enlighten all of you:
There's no SecureXL option in cpconfig:
GW80.20> cpconfig
This program will let you re-configure
your Check Point products configuration.
Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Disable cluster membership for this gateway
(7) Enable Check Point Per Virtual System State
(8) Enable Check Point ClusterXL for Bridge Active/Standby
(9) Check Point CoreXL
(10) Automatic start of Check Point Products
(11) Exit
fwaccel commands are usable from clish so the answer is correct :)
The answer is correct. Look at this command:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41397
B is the correct answer for R80.10 and for the purpose of this exam.
"The fwaccel [on | off] command is not persistent and SecureXL will be enabled again after a reboot of the system. In R80.10 and below, SecureXL can be permanently disabled through the CPconfig utility."
@angel123 and others, fwaccel on/off does not control the cpconfig disable or enable.
When you configure cpconfig 7 disable, you will not be able to fwaccel on.
However, starting from 80.20, sxl cannot be disabled permanently even via cpconfig - after reboot it will be on again.
Answer should be B. fwaccel commands are there even if SecureXL is disabled. Answer D can happen due to many reasons and doesn't necessarily say SecureXL is enabled.
You can disable SecureXL temporarily by issuing the command fwaccel off.
At the same time, the cpconfig command will still be showing "(7) Disable Check Point SecureXL" although it is currently disabled. So, the correct answer is 'D'.
Also, remember that R80.x is able to show all inspection point packets (not only the first inspection point) even when accelerated, so there is no need to disable SecureXL; however, D is not a valid answer under these conditions.
fwaccel works in clish no matter if SecureXL is on or off. (R80.20)
In my opinion, option D is more accurate, seeing as the fw kernel will only notice the initial packet when you run fw monitor with acceleration enabled.