SecureXL Accept Templates not created when ISP Redundancy is enabled in Primary/Backup mode
  • Output of 'top' command on Security Gateway shows high CPU utilization by Soft IRQ, although SecureXL is enabled.

  • Output of 'fwaccel stats -s' command shows that most of the traffic is "F2Fed".

  • CPView utility (sk101878) shows that most Forwarded traffic falls into these categories ('I/S' tab - 'SXL' menu - 'F2F-Reasons' menu):

    • TCP conn is F2Fed
    • UDP conn is F2Fed
    • other conn is F2Fed
  • Output of 'fwaccel stat' command shows that "Accept Templates" are either "enabled", or "disabled" from a very high rule.

  • Output of 'fwaccel templates' command shows a very small number of templates, or none at all.

  • SecureXL debug ('fwaccel dbg -m general + template') shows:

    get_conn_template: <dir 1, Source_IP:Source_Port -> Dest_IP:Dest_Port IPP 6> cannot be offloaded as template
    ... ... ... 
    cphwd_offload_conn: conn handled by ISP redundancy - cannot offload template!;
  • Disabling ISP Redundancy resolves the issue - most of the traffic is then accelerated.


By design, SecureXL Accept Templates are not offloaded from the Security Gateway when ISP Redundancy is enabled in Primary/Backup mode.
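
A triage helper for the debug symptom above, as an added example that is not part of the original article or Check Point's own tooling: it scans saved 'fwaccel dbg -m general + template' output and reports how many template refusals are followed by the ISP Redundancy reason. The two message patterns are taken from the excerpt above; the function name, the sample lines and the assumption that a reason line follows the refusal it explains are constructed for illustration.

```python
import re
from collections import Counter

# Message shapes taken from the debug excerpt on this page; any log prefix before them is ignored.
REFUSED = re.compile(
    r"get_conn_template: <dir \d+, \S+:\d+ -> \S+:\d+ IPP (\d+)> "
    r"cannot be offloaded as template")
ISP_REASON = "conn handled by ISP redundancy - cannot offload template"

def summarize(lines):
    """Count template refusals and how many are followed by the ISP Redundancy reason."""
    refused = Counter()   # IP protocol -> refusals seen
    isp = Counter()       # IP protocol -> refusals attributed to ISP Redundancy
    pending = None        # protocol of the last refusal still waiting for a reason line
    for line in lines:
        m = REFUSED.search(line)
        if m:
            pending = int(m.group(1))
            refused[pending] += 1
        elif pending is not None and ISP_REASON in line:
            isp[pending] += 1
            pending = None  # assumption: one reason line explains one refusal
    total, total_isp = sum(refused.values()), sum(isp.values())
    return {
        "refused": total,
        "isp_redundancy": total_isp,
        "isp_share": total_isp / total if total else 0.0,
        "by_proto": {p: (isp[p], refused[p]) for p in sorted(refused)},
    }

# Constructed sample (documentation addresses), not captured from a real gateway.
SAMPLE = """\
get_conn_template: <dir 1, 192.0.2.10:40001 -> 198.51.100.5:443 IPP 6> cannot be offloaded as template
cphwd_offload_conn: conn handled by ISP redundancy - cannot offload template!;
get_conn_template: <dir 1, 192.0.2.11:53001 -> 198.51.100.9:53 IPP 17> cannot be offloaded as template
some unrelated debug line
cphwd_offload_conn: conn handled by ISP redundancy - cannot offload template!;
get_conn_template: <dir 1, 192.0.2.12:40002 -> 198.51.100.5:80 IPP 6> cannot be offloaded as template
""".splitlines()

if __name__ == "__main__":
    import sys
    # Pass a saved debug file as the first argument, or run with no argument to use SAMPLE.
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    print(summarize(src))
```

An ISP Redundancy share close to 1.0 matches the by-design behaviour described above; a low share means the missing templates have some other cause.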

