Hi Gary/Hugo,
Thanks a lot for your help. Here is my situation:
1) the box is a fresh install of IPSO 4.1 build 19 with NGx R61 w/ HFA_01.
2) I disabled Floodgate.
3) Both the Provider-1 and the Nokia are running on a Checkpoint-provided eval
license, so there is NO licensing issue.
4) repush the policy
5) reboot the Nokia.
6) turn on SecureXL with "fwaccel on"
7) here is "fwaccel stat" output:
NGxR61-1-P[admin]# fwaccel stat
Accelerator Status : on
Templates : disabled by FireWall-1 starting from rule #7
Accelerator Features : Accounting, NAT, Cryptography, Routing,
HasClock, Templates, VirtualDefrag, GenerateIcmp,
IdleDetection, Sequencing, TcpStateDetect,
AutoExpire, DelayedNotif, McastRouting,
WireMode
Cryptography Features : Tunnel, UDPEncapsulation, MD5, SHA1, NULL,
3DES, DES, ESP, LinkSelection, DynamicVPN,
NatTraversal, EncRouting
NGxR61-1-P[admin]#
8) I have NO add-on VPN acceleration card, only the built-in one on this IP380.
9) Under Voyager "Cryptographic Hardware Acceleration Configuration for VPN-1",
I see it being turned on as up,
10) Under voyager monitoring, "I do not see it 0 packets encrypted and
decrypted".
Gary Scott <[EMAIL PROTECTED]> wrote:
I ran into the same thing with a pair of 350's that were scratch
installed with 3.9 and R60, 1 unit showed the option in voyager while
the other did not. This may/may not apply for you...entering the link
below did show the accelerator option and it was enabled there.
-GS
enter the following Voyager configuration page in a web
browser and enable the accelerator if possible?
The link is
http:///cgi-bin/ubsec_config.tcl?package=/opt/CPsuite-R60/fw1
Question...." Could you clarify? With the 350 it comes with an onboard
accelerator
that is non-configurable, with the 380 you can have an additional
accelerator card installed along with the onboard accelerator, only then
should you see any option in voyager for the accelerator.
Am I way off base? When should we see the option for the accelerator in
voyager?"
Answer....You are correct about the accelerator that is onboard the
IP350 & IP380.
However, the accelerator options will appear for both IP350 & IP380.
As it is, there are 2 drivers for the Broadcom accelerator card that you
have, Luna & SecureXL API. If you have activated the Luna API for the
accelerator card, the option will appear in Voyager. However, if you had
turned on SecureXL, SecureXL will take over the Luna API functionality
as SecureXL is much faster than Luna. If this is the case, the option
will disappear from Voyager.
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[EMAIL PROTECTED] On Behalf Of
cisco4ng
Sent: Wednesday, November 15, 2006 2:49 PM
To: [email protected]
Subject: Re: [FW-1] VPN acceleration card on IP380 and IPSO4.1 build 19
This is the Nokia so I don't think Performance Pack applies here.
Anyway, here is the output from "manage packages":
On/Off  Check Point VPN-1 Pro/Express NGX R61 (Mon Mar 6 10:56:42 IST 2006 Build 602000207)  /opt/CPsuite-R61

Applications
Enable  Package Name  Directory
On/Off  Check Point R55W Compatibility Package for NGX (Tue Jan 10 08:24:05 IST 2006 Build 602000102)  /opt/CPR55WCmp-R61
On/Off  Check Point CPinfo (Thu Dec 22 14:03:00 IST 2005 Build 911000031)  /opt/CPinfo-10
On/Off  R55 Compatibility Package for NGX (Sun Feb 19 13:55:17 IST 2006 Build 602000103)  /opt/CPngcmp-R61
On/Off  Check Point Eventia Reporter NGX R61 (Sun Feb 19 02:58:02 IST 2006 Build 602000183)  /opt/CPrt-R61
On/Off  Check Point UserAuthority Server NGX R61 (Thu Feb 2 19:49:41 IST 2006 Build 602000106)  /opt/CPuag-R61
On/Off  Check Point VSX NGX Compatibility Package for VSX NGX (Sun Feb 5 16:53:17 IST 2006 Build 602000104)  /opt/CPvsxngxcmp-R61
On/Off  IPRG Unsupported tools
Juan Concepcion wrote:
You have performance pack off, correct?
Juan
cisco4ng wrote:
> All,
> can someone explain this to me?
> I have an IP380 running IPSO 4.1 build 019 with NGx R61 with HFA_01. This IP380,
> as I understand it, has a built-in VPN acceleration card which I can see from Voyager.
> I enable the VPN acceleration card via voyager under "crypto hardware acceleration",
> repush the policy and reboot the IP380. In voyager, it tells me that the vpn acceleration
> card model is "/dev/hwa0 5802"
>
> I have a site-to-site VPN from this IP380 to another Nokia IP710 running NG Feature
> Pack 3 with HFA_327. The site-to-site VPN is "3des/MD5 with DH group 2".
>
> The VPN is working fine but when I go into "cryptographic hardware acceleration
> statistics", I see nothing but zero. This was NOT the case when the IP380 was
> running IPSO 3.7.1 build 025 with NG Feature Pack 3 HFA_327. I can see the
> packets being processed by the vpn acceleration card.
>
> Does it mean that ipso4.1/NGx R61 will ignore the built in vpn acceleration card on
> the IP380? What am I missing here? I understand that the built-in will NOT support
> AES-256 but I am using 3DES/MD5 but it does work in IPSO 3.71. build 25 with NG
> Feature Pack 3 HFA_327 so I must be missing something here.
>
> Please help.
>
> cisco4ng
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================