https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13849#M99389 <HTML><HEAD></HEAD><BODY><P>hi tomer,</P><P>any news on this document ?</P></BODY></HTML> Mon, 04 Dec 2017 09:47:04 GMT aner_sagi 2017-12-04T09:47:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13847#M99387 <HTML><HEAD></HEAD><BODY><P>I am interested in how people use IPS in R80.10.&nbsp; In R77.30 we would go through the flagged list then set the relevant protections to detect for 7 days – we would then clear down the flags for the ones we do not set.&nbsp; We would then review the logs to make sure there is no impact to legitimate site traffic (we have a customer facing SAAS platform) then we would set the flagged detects to protect and push policy.&nbsp; We would then repeat the cycle over a two week period.&nbsp;</P><P></P><P>In R80.10 I am thinking I would need to do the following to emulate this:-</P><OL><LI>Set activation mode to Detect on high and medium confidence</LI><LI>Set Activate IPS protections according to the following additional properties and select the vendors we want.</LI><LI>Set newly update protections to activation detect in Staging</LI><LI>Download the IPS update and push policy</LI><LI>Review the logs filtered to staging protections after 7 days</LI><LI>Set any that are affecting legitimate traffic to inactive (or add an exception)</LI><LI>Set the rest to Prevent and push policy.</LI></OL><P>Repeat steps 4 -7</P><P></P><P>What do other people do?&nbsp;</P><P></P><P>Thanks</P><P></P><P>Jon</P></BODY></HTML> Thu, 23 Nov 2017 15:29:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13847#M99387 Jon_Dyke 2017-11-23T15:29:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13848#M99388 <HTML><HEAD></HEAD><BODY><P>Hi, in a few days we will publish an&nbsp;"IPS Best Practices in R80.10".</P><P>This document is a recommendation, of course any customer can do what he prefers. The document is in its final stages of review.</P><P></P><P>Regardless of the Check Point document, we are always interested to hear&nbsp;you guys'&nbsp;processes.&nbsp;</P></BODY></HTML> Thu, 23 Nov 2017 15:48:07 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13848#M99388 Tomer_Sole 2017-11-23T15:48:07Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13849#M99389 <HTML><HEAD></HEAD><BODY><P>hi tomer,</P><P>any news on this document ?</P></BODY></HTML> Mon, 04 Dec 2017 09:47:04 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13849#M99389 aner_sagi 2017-12-04T09:47:04Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13850#M99390 <HTML><HEAD></HEAD><BODY><P>delayed by a couple of days unfortunately.. we will update here.</P><P>in the meantime your thoughts on Jon's notes?</P></BODY></HTML> Mon, 04 Dec 2017 10:11:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13850#M99390 Tomer_Sole 2017-12-04T10:11:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13851#M99391 <HTML><HEAD></HEAD><BODY><P>Any word on an update for the guide? Thanks!</P></BODY></HTML> Wed, 10 Jan 2018 15:42:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13851#M99391 K__P__Kennedy 2018-01-10T15:42:11Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13852#M99392 <HTML><HEAD></HEAD><BODY><P>Apologize for the delays, please follow this thread -&nbsp;<A href="https://community.checkpoint.com/message/13840-r8010-ips-best-practices-guide" target="_blank">https://community.checkpoint.com/message/13840-r8010-ips-best-practices-guide</A>&nbsp;</P></BODY></HTML> Fri, 21 Jun 2019 09:04:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-best-practice/m-p/13852#M99392 Tomer_Sole 2019-06-21T09:04:13Z