Checkpoint 156-315.81 Exam With Confidence Using Practice Dumps

You can disable the SecureXL mechanism temporarily for further diagnostic by running fwaccel off on the Security Gateway1. This command disables SecureXL, which is an acceleration solution that maximizes the performance of the Firewall by offloading CPU-intensive operations to the SecureXL device2. Disabling SecureXL can help you troubleshoot connectivity or policy issues, as it forces all traffic to go through the Firewall kernel and bypass the SecureXL device1. To run this command, you need to access the Security Gateway in expert mode and run fwaccel off1. To enable SecureXL again, you can run fwaccel on1. Note that disabling SecureXL may affect the performance of the Security Gateway, so use it with caution and only when necessary1.

References: How to enable/disable Check Point SecureXL via CLI - Check Point Software, SecureXL - Check Point Software

 The SmartEvent Correlation Unit is responsible for analyzing the log entries and identifying events from them. It runs on the Log Server machine or on a dedicated machine1. To check the status of the SmartEvent Correlation Unit, you can use the command cpstat cpsead on the machine where it is installed. This command will show you information such as the number of logs processed, the number of events generated, the CPU and memory usage, and the status of the connection to the SmartEvent Server23.

References: SmartEvent Administration Guide R76, SmartEvent Administration Guide R75, SmartEvent Performance Tuning Guide

The traffic is handled by the Accelerated Path. According to the R81.x Security Gateway Architecture (Logical Packet Flow)1, the Accelerated Path is the fastest path for processing packets, as it bypasses most of the inspection and uses SecureXL to accelerate the traffic. The Accelerated Path is used for connections that are established, compliant with the security policy, and do not require any content inspection or NAT1.

The Application Control blade inspects the traffic based on the application identity, which is determined by the Application Control Software Blade in the Medium Path1. However, once the application identity is established, the connection can be offloaded to SecureXL and handled by the Accelerated Path2. This way, the Application Control blade can improve performance and reduce CPU consumption2.

The other paths are not used for this traffic because:

• The Slow Path is used for packets that are not compliant with the security policy, require stateful inspection or NAT, or are not supported by SecureXL1. This path involves the most inspection and processing, and is therefore the slowest3.
• The Fast Path is used for packets that are trusted and do not require any inspection or NAT. This path bypasses both SecureXL and the Firewall kernel, and uses a kernel module called simfast to forward the packets directly to the network interface driver4. This path is not enabled by default, and requires manual configuration of rules to define which traffic can use it4.
• The Medium Path is used for packets that require content inspection, such as IPS, Anti-Virus, Anti-Bot, URL Filtering, or Application Control1. This path uses SecureXL to accelerate some parts of the inspection, but still involves some processing by the Firewall kernel3. This path is only used for the first few packets of a connection until the application identity is established, and then the connection can be offloaded to the Accelerated Path2.

References: : Control SecureXL / CoreXL Paths - Check Point CheckMates : What is CoreXL & SecureXL – jermsmit.com : R81.x Security Gateway Architecture (Logical Packet Flow) : SecureXL and Application Control Layer - Check Point CheckMates