Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 39 subscribers
  • Views 6769 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

firewall-acceleration - what is this actually? fast path?

LHerzog

Hi,

may I have information about the technical background of so called "firewall-acceleration"?

Support is recently suggesting us to disable this in a case where ARP is failing in VLANs. And it has also been suggested here on the forums several times.

From the short description in the CLI Guide I assume it is fast path. But I never read more precise documentation of that feature.

If it is fast path only, I cannot imagine how it would have impact on failing ARP.

Thanks!

CLI Guide extract:

firewall-acceleration

Use to enable Firewall Acceleration that uses advanced data-path architecture that enables Sophos XG Firewall withfaster processing of data packets for known traffic



This thread was automatically locked due to age.
  • +1

    Its the virtual fast path. Basically the virtualization technique to foward certain traffic through the faster engine. 

    See: 

    Xstream architecture

    We are introducing the new Xstream architecture for XG Firewall - A new streaming packet processing architecture that provides extreme levels of protection and performance. The new architecture includes:

    • Xstream SSL inspection: Enable SSL inspection on your network without compromising network performance or the user experience. It delivers high-performance, high-connection-capacity support for TLS 1.3 and all modern cipher suites providing extreme SSL inspection performance across all ports, protocols, and applications. It also comes equipped with enterprise-grade controls to optimize security, privacy, and performance.
    • Xstream DPI engine: Enables comprehensive threat protection in a single high-performance streaming DPI engine with proxyless scanning of all traffic for AV, IPS, and web threats as well as providing application control and SSL inspection.
    • Xstream network flow FastPath: Provides the ultimate in performance by intelligently offloading traffic processing to transfer trusted traffic at wire speeds. FastPath offloading can be controlled through policy to accelerate important cloud application traffic or intelligently by the DPI engine based on traffic characteristics.

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi,

    does that mean the virtual function within a cpu should be enabled?
    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • +1 in reply to rfcat_vk

    No - This is a software architecture, which is build within the OS. Its not a visualized processor unit. 

    __________________________________________________________________________________________________________________

Unfiltered HTML