User Space Firewall (USFW) is the infrastructure in which Check Point Firewall instances run in user space mode.
Note - For VSX, USFW is the only Firewall mode available.
- Improved memory utilization on Security Gateways with a large number of CPU cores
- Improved debugging tools and newly supported features
Security Gateways with USFW enabled by default
The FWD process is isolated and affined to a dedicated CPU core, when running in USFW on an appliance with at least 20 CPU cores.
In other cases (KSFW, or less than 20 CPU cores), the FWD process is affined to all CPU cores.
Certified Appliances for USFW
Appliances that can move to USFW, but do not run in USFW by default:
- Check Point 15600
- Check Point 15400
- Check Point 23800
- Check Point 5900
- Check Point 5600
- Check Point 5400
- Check Point 5800
- Check Point 6500
- Open Server
Use the factors listed below to select the best mode for your Security Gateway - User Space (USFW) or Kernel Mode (KSFW):
Changing the CoreXL Firewall Mode:
To change the Firewall mode in versions R81.10 and higher:
- Connect to the command line on the Security Gateway / each Cluster Member.
- Enter the number of the Check Point CoreXL option.
- Enter 3 to select Change firewall mode.
- Follow the instructions on the screen.
- Exit from the
To change the Firewall mode in versions R81, R80.40, and R80.30, contact Check Point Support.