User Space Firewall (USFW) is the infrastructure in which Check Point Firewall instances run in user space mode.
Note - For VSX, USFW is the only Firewall mode available.
- Improved memory utilization on Security Gateways with a large number of CPU cores
- Improved debugging tools and newly supported features
Security Gateways with USFW enabled by default
The FWD process is isolated and affined to a dedicated CPU core, when running in USFW on an appliance with at least 20 CPU cores.
In other cases (KSFW, or less than 20 CPU cores), the FWD process is affined to all CPU cores.
Certified Appliances for USFW
Appliances that can move to USFW, but do not run in USFW by default:
- Check Point 15600
- Check Point 15400
- Check Point 23800
- Check Point 5600
- Check Point 5400
- Check Point 5800
- Check Point 6500
- Open Server
Use the factors listed below to select the best mode for your Security Gateway - User Space (USFW) or Kernel Mode (KWFW):
Note - If it is necessary to change the Firewall mode, contact Check Point Support.