Optimizing an IPS profile for SMB

Document created by Günther W. Albrecht on May 25, 2018. Last modified by Günther W. Albrecht on May 25, 2018. Version 2.

Policy installation on SMB appliances can fail if the IPS configuration enables too many protections. According to Check Point, SMB devices were never designed to run a full IPS policy, and the suggestion is to check sk105217 ("Commit function failed" / "Installation failed" error on policy installation failure on small office appliances) for configuration suggestions:

  • When managed by an R80.x Security Management server, create an IPS profile based on the built-in Optimized Profile; with Security Management servers up to R77.30, clone the Recommended Profile.
  • Deactivate the "Server protections" option in the IPS policy of the SMB profile. In R80.x, it is found in the Pre R80 Settings:

 

[Image: Deactivate Server Protections]

  • Deactivate IPS protections whose CVE is from 2010 and/or older. These are vulnerabilities you would rarely find in a small office environment, and their performance impact is not cost-effective.

In R80.x you can add categories to the list under Profile > IPS > Additional Activation > Protections to deactivate:


[Image: R80.20 Optimized SMB Profile]

  • You can also deactivate IPS protections for traffic that does not pass through those gateways, e.g. Protocol FTP if FTP is never used.
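The following Python example, added here and not taken from the original document or from Check Point, lists which protections the CVE-age rule above would deactivate so the list can be reviewed first. The CSV layout, column names and protection names are constructed assumptions; protections with no CVE, or that also cover a newer CVE, are kept active.

```python
import csv
import io
import re

# The year in a CVE ID is the year the ID was assigned, used here as the age.
CVE_RE = re.compile(r"CVE-(\d{4})-\d{4,}", re.IGNORECASE)
CUTOFF_YEAR = 2010  # from the article: CVE from 2010 and/or older

# Constructed sample export; column and protection names are assumptions.
SAMPLE_EXPORT = """\
protection,references
Example Legacy FTP Overflow,CVE-2004-1135
Example Multi-CVE Protection,CVE-2009-0001; CVE-2017-0002
Example Recent RCE,CVE-2018-0003
Example Protocol Anomaly,
Example Old Browser Bug,cve-2010-0004; CVE-2008-0005
"""


def cve_years(references):
    """Return the year component of every CVE ID in a references field."""
    return [int(year) for year in CVE_RE.findall(references or "")]


def deactivation_candidates(export_text, cutoff=CUTOFF_YEAR):
    """Split protections into (candidates, kept).

    A protection is a candidate only if it references at least one CVE and
    its newest CVE is not newer than the cutoff. Protections without a CVE
    are kept, because their age cannot be judged from the reference.
    """
    candidates, kept = [], []
    for row in csv.DictReader(io.StringIO(export_text)):
        years = cve_years(row.get("references"))
        if years and max(years) <= cutoff:
            candidates.append((row["protection"], max(years)))
        else:
            kept.append(row["protection"])
    return sorted(candidates, key=lambda c: c[1]), kept


if __name__ == "__main__":
    candidates, kept = deactivation_candidates(SAMPLE_EXPORT)
    for name, year in candidates:
        print(f"deactivation candidate (newest CVE {year}): {name}")
    print(f"kept active: {len(kept)}")
```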

If these adaptations do not resolve the policy install issue, you can consult sk117793 "Policy installation / fetch fails on Centrally Managed 1400 appliance" and sk126372 "Policy installation on SMB appliances fails with "Load on Module failed - not enough disc space"".

 

Please note that this is my own configuration that has not been checked by Check Point - and is open for discussions, corrections and additions.
