CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


** Announcing the #CPUGchallenge **

I'm very happy to announce that CPUG will be hosting "The CPUG Challenge" during CPX this year.
It promises to be a fun and interesting event that will test (and maybe even expand) your knowledge of R80.10.
Whether or not you plan to attend CPX, we have something for you. Please check out this post or the CPUGchallenge.com web site for more information. -E

 

Results 1 to 3 of 3

Thread: Question On Protocol and ClusterXL

  1. #1
    Join Date
    2017-05-16
    Posts
    1
    Rep Power
    0

    Default Question On Protocol and ClusterXL

    What is the difference between http and http80_NoSDF in firewall protocol?
    When does the latter appear? Caan I filter one but not the other in the FW logs?

    My workplace FW is using ClusterXL. Does that explain why I am learning 2 mac addresses from a device on two separate interfaces?
    Where can I learn more about clusterxl?

  2. #2
    Join Date
    2007-06-04
    Posts
    3,201
    Rep Power
    14

    Default Re: Question On Protocol and ClusterXL

    If you look under the Advanced Section of the Service Definition then will find that under the Protocol part then the HTTP Service has a Service type set.

    This causes certain IPS work against the traffic even if IPS Blade not enabled.

    http80_NoSDF will have been defined by an Administrator without the protocol setting under the Advanced Section so that no IPS is invoked.

    The NoSDF is probably short for NoSmartDeFense. SmartDefense being the predecessor to the IPS Blade.

  3. #3
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    1,954
    Rep Power
    11

    Default Re: Question On Protocol and ClusterXL

    Pretty sure SDF is referring to the Sticky Decision Function of Load-Sharing ClusterXL deployments. I assume the http80_NoSDF Protocol Type is excluding port 80 traffic matching this service object from the additional overhead of SDF. Should only matter in a Load Sharing deployment, not HA which is active/standby.
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

Similar Threads

  1. ClusterXL HA interface topology question
    By cpinfo in forum Advanced Networking & Clustering Blade
    Replies: 4
    Last Post: 2016-08-10, 21:45
  2. ClusterXL Question - Setup
    By tdvit in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 3
    Last Post: 2012-07-05, 08:33
  3. Question about ClusterXL ...
    By lsyl69 in forum Licensing
    Replies: 1
    Last Post: 2010-02-23, 21:37
  4. Newbie question: ClusterXL vs HA
    By hotice_ in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 17
    Last Post: 2009-12-10, 12:06
  5. ClusterXL license question
    By cciesec2006 in forum Licensing
    Replies: 8
    Last Post: 2007-10-17, 11:06

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •