Exam 156-315.80
Question 100

Traffic from source 192.168.1.1 is going to www.google.com. The Application Control Blade on the gateway is inspecting the traffic. Assuming acceleration is enabled, which path is handling the traffic?

    Correct Answer: B

    When traffic is inspected by Application Control and acceleration is enabled on a Check Point gateway, the traffic is handled by the Medium Path. The Medium Path is designed for situations where packets require deeper inspection by security features like Application Control, IPS, URL Filtering, etc. This path allows for more thorough packet inspection without sending the packets through the full slow path, thus providing a balanced approach between security and performance.

Discussion
bobby14 Option: B

Correct answer is B, not A. Trust me!

DriVen

sounds convincing :D :D

ATHOOS Option: B

Answer should be B

juancho_ckp Option: B

Medium Path. Run "fwaccel conns | grep 443" (or 80) on any firewall with app control and you'll see all connections there with an S flag. Which means medium-path/inspection.

arvendel Option: A

In regards to previous comments. (C) There is no fast path on 80+ it is called accelerated path. (D) is not valid here, because 'application control is inspecting the traffic' meaning this traffic is being inspected, thus it is in the kernel, in the fw_worker. Which leaves us with firewall path and medium path; from performance tuning admin guide 80.20: Medium Path (PXL) The CoreXL layer passes the packet to one of the CoreXL Firewall instances to process it. Even when CoreXL is disabled, the SecureXL uses the CoreXL infrastructure to send the packet to the single FW instance that still functions. When the Medium Path is available, the SecureXL fully accelerates the TCP handshake. Rule Base match is achieved for the yada yada... Exceptions are: yada yada... Application Control yada yada..... which leaves us with slow path answer.

ahariharaOption: B

Correct Answer is B Medium Path PSLXL & CPASXL– When SecureXL is enabled but packets cannot be accelerated, as they require further inspection by some blade such as IPS, Application Control, URL Filtering etc., a medium path is used. This path prevents a trip through all the irrelevant modules of the F2F path and directly sends packets to the Passive Streaming Layer (PSL) or the Check Point Active Streaming (CPAS) modules. The path that SecureXL uses to send packets to the PSL is called PSLXL, which is used for deeper inspection for IPS, Application Control, URL Filtering etc. In this path the gateway can do the inspection passively but cannot make changes or insert data in the stream. The path that SecureXL uses to send packets to the CPAS is called CPASXL, which is used by modules like Anti- Virus, HTTPS Inspection, VoIP, DLP etc. This module works like a transparent proxy, breaking the connection and acting as man- in- the- middle. This way it has complete control of the to connection and can make changes to the data inside the application.

henkpoa Option: B

B is correct. Why? Because I am using the exact same configuration in my home network. Most of my traffic at home is HTTPS, and I have a sublayer for that with high and critical risk categories enabled. These utilize both Application Control and URLF. My fwaccel stats -s command says that 99% is passing the PSLXL path. PSLXL, the new PXL, is Medium path, so B is correct.

lordlich Option: A

Slow Path

lordlich

It should be B, Medium path not Slow path

Al789789 Option: A

The answer is A: When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions: .... All packets that match a rule with a Security Server (e.g., Authentication, Anti-Virus, URL Filtering, Anti-Spam). .... https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk32578

daem0n

Security Servers including Legacy URLF has nothing to do with software blades APCL and URLF. Correct answer is B: Medium Path.

lukzka Option: B

B is correct.
• Firewall Path — Packets and connections that are inspected by the Firewall. These packets and connections are not processed by SecureXL. This path is also referred to as the Slow Path.
• Medium Path — Packets that cannot use the accelerated path because they require deeper inspection. Although it is not necessary for the Firewall to inspect these packets, they can be offloaded by another feature. For example, packets that are examined by IPS cannot use the accelerated path and can be offloaded to the IPS Passive Streaming Library (PSL), which provides stream reassembly for TCP connections. As a result, SecureXL processes these packets quicker than packets on the slow path.

pepso100 Option: B

PXL pkts/Total pkts: This shows how many packets were not able to be completely handled by the Accelerated Path, but did not need to travel the full Firewall Path. The PXL path is known as the Medium Path, and is generally used to inspect traffic for IPS signatures but can also involve the firewall features Application Control/URL filtering, Anti-Virus/Anti-bot/Threat Emulation, and DLP. B is answer
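Added example, not part of any post in this thread: a shell function that totals the medium-path counters (PXL, PSLXL, CPASXL) and the firewall-path counter from `fwaccel stats -s`-style text, the way henkpoa and pepso100 describe reading that output. The sample text is constructed, and its exact layout, including the `F2Fed` label, is an assumption; the function names are hypothetical.

```shell
#!/bin/bash
# Summarise SecureXL path usage from "fwaccel stats -s"-style text on stdin.
# On a gateway the intended use would be:  fwaccel stats -s | path_summary

# Constructed sample; counter labels follow those quoted in the thread,
# the column layout and the "F2Fed" label are assumptions.
sample_stats() {
cat <<'EOF'
Accelerated conns/Total conns : 12/480 (2%)
Accelerated pkts/Total pkts   : 9900/10000 (99%)
F2Fed pkts/Total pkts         : 100/10000 (1%)
CPASXL pkts/Total pkts        : 0/10000 (0%)
PSLXL pkts/Total pkts         : 9800/10000 (98%)
EOF
}

path_summary() {
  awk '
  {
    n = index($0, ":")
    if (n == 0) next                          # not a counter line
    label = substr($0, 1, n - 1)
    value = substr($0, n + 1)
    if (label !~ /pkts\/Total pkts/) next     # skip connection counters
    split(label, l, " "); name = l[1]         # e.g. PSLXL, F2Fed
    gsub(/^[ \t]+/, "", value)
    split(value, v, "[/ ]")                   # v[1]=count, v[2]=total
    total = v[2] + 0
    # Medium path: PXL (older label) or PSLXL/CPASXL (newer labels)
    if (name == "PXL" || name == "PSLXL" || name == "CPASXL") medium += v[1]
    # Firewall (slow) path: packets forwarded to the firewall (F2F)
    else if (name == "F2Fed") firewall += v[1]
  }
  END {
    # Counters just reset, or no packet lines at all: avoid dividing by zero
    if (total == 0) { print "no packet counters found"; exit 1 }
    printf "medium=%d firewall=%d total=%d medium_pct=%d\n",
           medium, firewall, total, int(medium * 100 / total)
  }'
}

sample_stats | path_summary
```

A high `medium_pct` alongside a small `firewall` count matches what the thread reports for gateways running Application Control with acceleration enabled.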

EduKeter Option: B

This is surely medium path. There is no acceleration in Fastpath/Fw path.

EduKeter

Meant no acceleration in slowpath/firewall path. https://community.checkpoint.com/t5/General-Topics/Security-Gateway-Packet-Flow-and-Acceleration-with-Diagrams/td-p/40244

fvxtkwvylevvouexvf Option: B

According to this link below, the AC module is in the medium path (so B is the answer): https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packet-Flow/td-p/41747

Aychi Option: B

Any traffic that uses a blade that needs content inspection, like Application Control, where we need the Content Manager Infrastructure, CMI (in our case CMI will use the Protocol Parser, Classifier, Observer, Handler and other components of the CMI to control application traffic), will go to the medium path. Hence B is the correct answer.

kyky123ko Option: A

if there was a picture with GW(192.168.1.1), then it is Slow Path :)

rr80 Option: D

I wanted to mark Slow Path, as traffic first needs to be matched against the Firewall rule base. But I have 2 problems with it: 1st: Not sure if the name Slow Path is valid (it should be named Firewall path, shouldn't it?). 2nd: juancho_ckp's explanation is very convincing.

Berzerk Option: D

Discarding the least matching options (1/2): Slow Path (Firewall path or F2F): This path is used when the packet flow cannot be accelerated. Now, sk32578 states: "When SecureXL is enabled, all packets should be accelerated, except packets that match the following conditions"; Application Control traffic matched does not match as a condition that disables acceleration. For me, this statement implies that Application Control traffic is accelerated by default (unless any of the conditions stated in sk32578 exists in app control rules). This leaves only Accelerated Traffic (option D) as an available (and matching) correct answer. Or this is another ambiguous and annoying, badly constructed question from the CCSE exam.

Berzerk Option: D

Discarding the least matching options (1/2): Medium path (PXL) - Packet flow when the packet is handled by the SecureXL device, except for IPS (some protections) / VPN (in some configurations) / Application Control / Content Awareness / Anti-Virus / Anti-Bot / HTTPS Inspection / Proxy mode / Mobile Access / VoIP / Web Portals. So... Medium path might be discarded because packet flow is excepted for Application control blade. Fast Path: Does not exist in SecureXL architecture, so.. Fast Path discarded.