Support Center > Search Results > SecureKnowledge Details
Configuring CoreXL Firewall instances on Quantum Spark Appliances Technical Level
Solution

CoreXL

CoreXL is a performance-enhancing technology for Security Gateways on multi-core platforms. CoreXL makes it possible for the CPU cores to perform multiple tasks concurrently. This enhances the Security Gateway performance.

On a Security Gateway with CoreXL enabled, the Firewall kernel is replicated multiple times. Each replicated copy of the Firewall kernel, or CoreXL Firewall instance, runs on one CPU core.

These CoreXL Firewall instances handle traffic concurrently, and each CoreXL Firewall instance is a complete and independent Firewall inspection kernel. When CoreXL is enabled, all the Firewall kernel instances in the Security Gateway process traffic through the same interfaces and apply the same security policy.

Number of CoreXL Firewall instances

The table below shows the CoreXL configuration on Quantum Spark Appliances - the default and the maximum number of CoreXL Firewall instances for different states of IPv6:

Model of a
Quantum
Spark
Appliance
Total number
of CPU cores

Default number
of IPv4 instances
when IPv6
is disabled

Default number
of IPv4 instances
when IPv6
is enabled

Default number
of IPv6 instances
when IPv6
is enabled

Maximum* number
of IPv6 instances
when IPv6
is enabled

1530 3 3 2 2 2
1550 4 4 2 2 2
1570 3 3 2 2 2
1590 4 4 2 2 2
1570R 4 4 2 2 2
1600 12 10 10 2 10
1800 12 10 10 2 10

* The number of IPv6 CoreXL Firewall instances cannot exceed the number of IPv4 CoreXL Firewall instances.

IPv4 CoreXL Firewall instances

To view the current number of IPv4 CoreXl Firewall instances, run:

fw ctl multik stat

To change the number of IPv4 CoreXL Firewall instances:

  1. Run this command in the Expert mode:

    FW_BOOT_DIR=/opt/fw1/boot fwboot corexl enable <Number of IPv4 Instances>

  2. Reboot the appliance.

IPv6 CoreXL Firewall instances

To view the current number of IPv6 CoreXl Firewall instances, run:

fw6 ctl multik stat

To change the number of IPv6 CoreXL Firewall instances:

  1. Run this command in the Expert mode:

    FW_BOOT_DIR=/opt/fw1/boot fwboot bootconf set_kern6num <Number of IPv6 Instances>

  2. Reboot the appliance.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Applies To:
  • Make sure you activated your license or the core count might be incorrect. https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk172912

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment