topic Re: Pure NGIPS Capability for Check Point Security Gateway in Firewall and Security Management

Pure NGIPS Capability for Check Point Security Gateway

yediaelchrist — Tue, 30 Jun 2020 13:56:36 GMT

Hi All,

Is it possible to only activate IPS feature in Check Point Security Gateway and achieving pure IPS capability? By "pure IPS capability" in this context also means that we need network module with Fail Open (Bypass) capability.

I already done some research about the network module with Bypass capability by referring the following link and so far I also already have an idea about the appliance type that can support this kind of network module:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk87621

But still, the question about "is it possible to activate only IPS feature" still lingers in my mind. Can you please help me clarify this thing?

Appreciate your help, thanks!!

Cheers,

Yedi

Re: Pure NGIPS Capability for Check Point Security Gateway

PhoneBoy — Sat, 04 Jul 2020 20:30:29 GMT

You can't really disable the firewall but you can configure it with an any any accept policy.
And you can just enable IPS, thus you can basically run as an IPS.
That said, you will miss out on other elements of Threat Prevention by using only IPS.

If you're looking for a Threat Prevention focused solution without access control, I recommend checking out SandBlast Now, which uses regular appliances with fail open NICs and is managed from the cloud.
The cost is no different than a regular NGTX subscription.

Re: Pure NGIPS Capability for Check Point Security Gateway

Maarten_Sjouw — Sat, 04 Jul 2020 21:16:20 GMT

I have a customer that runs a box with 8 ports running 4 transparent paths that only has IPS enabled on top of the FW module, which cannot be disabled, just make sure to allow any to any with any port and the same above it with service X11.