User-space Firewall (USFW) is the infrastructure that allows Check Point Firewall instances to run in user-space mode.
Note: For VSX USFW is the only mode available.
- Improved Memory utilization on Security Gateways with high number of cores
- Allows utilizing improved debugging tools and new supported features
Appliances with USFW enable by default
When running in USFW on at least 20 cores Appliance, the FWD process is isolated and affined to a dedicated CPU.
Otherwise, the FWD process will be affined to all CPUs, same as in KMFW.
Certified USFW Appliances
Appliances that can move to USFW but do not run in USFW by default:
- Check Point 15600
- Check Point 15400
- Check Point 23800
- Check Point 5600
- Check Point 5400
- Check Point 5800
- Check Point 6500
- Open server
Use the below factors to decide on the best mode for your Security Gateway User-Space or Kernel Mode