ipsofwd list, will give you the current mode. -GS
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of pkc_mls Sent: Monday, October 01, 2007 7:26 AM To: [email protected] Subject: Re: [FW-1] IPSO nokia FAST/SLOW PATH Paolo www.paoloriviello.com a écrit : > HI ALL, > how can I know if FW-1 is running on nokia ipso in fast or slow path mode ? > > To temporarily disable it, one can issue the command: ipsofwd slowpath This also clears the flows tables. To re-enable it, use the command: ipsofwd flowpath To make this change "permanent,"replace the line in $FWDIR/bin/fwstart that says "ipsofwd flowpath" with "ipsofwd slowpath" in NG FP3 and above. In NG FP2 and earlier releases, add the command "ipsofwd slowpath" just before the exit $err near the end of the $CPDIR/etc/rc-Amu.d/S99cpboot script (In FireWall-1 4.1 and earlier, make the change in $FWDIR/bin/fwstart instead). *This command does not work when SecureXL is enabled in IPSO 3.8 or later. *so you should check your starting scripts and check for the ipsofwd command above. flows (ie fastpath) is enabled by default on 3.3 and higher. for the diskless, to disable the flows, here is the procedure In diskless platform system, $FWDIR/bin directory is restored original file when the box is rebooted. Therefore, even if you modify "$FWDIR/bin/fwstart", the change does not remain when the box is rebooted. To overcome this limitation: 1. Make a copy of $FWDIR/bin/fwstart under /var/etc/ and modify its name to fwstart.slowpath. nokia[admin]# *cp $FWDIR/bin/fwstart /var/etc/fwstart.slowpath* 2. Modify /var/etc/fwstart.slowpath as follows: (original) ipsofwd flowpath-> (modify) ipsofwd slowpath 3. Add following script in /var/etc/rc.local. This script will force the diskless system to stay in "slowpath". #!/bin/sh sleep 60 ipsofwd slowpath sleep 60 cp $FWDIR/bin/fwstart /var/etc/fwstart.old cp /var/etc/fwstart.slowpath $FWDIR/bin/fwstart ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
