https://community.checkpoint.com/t5/General-Topics/IPS-Blade-is-preventing-but-not-enabled/m-p/53937#M10779 If you've disabled the blades in the General Properties of the relevant gateway object, then the blades should not be active irrespective of the Threat Prevention profile assigned.<BR />For any of these changes to take effect, the policy must be pushed to the relevant gateway.<BR />For R80.x gateways, you can push just the Threat Prevention profile.<BR />For R77.x gateways with IPS, you also need to push the Access Control policy. Mon, 20 May 2019 20:49:45 GMT PhoneBoy 2019-05-20T20:49:45Z https://community.checkpoint.com/t5/General-Topics/IPS-Blade-is-preventing-but-not-enabled/m-p/53932#M10776 <P>I enabled Threat Prevention Blade and later disabled all Threat Prevention Blades from Policies and Layers and General properties of the Firewall but could see IPS&nbsp; and AB traffic in the logs which is DETECT and PREVENT. In SSH , "enabled_blades" it doesn't show the Threat Prevention Blades. The logs shows the OPTIMIZED profile is being blocked but there is no Threat Prevention in the policies. When i click OPTIMIZE profile in the log it takes me to READ ONLY MODE where in the Threat Prevention i could see the OPTIMIZED profile is enabled with all Blades.&nbsp;</P><P>Closed the READ ONLY page and enabled back the THREAT PREVENTION Blade with IPS, AV, AB and&nbsp; created a new profile disabling all the Blades and installed policy. Later again disabled Threat Prevention. Now am not able to see any Threat prevention Logs.</P><P>In the CPVIEW i could see the Threat prevention Blades enabled but not in "enabled_blades". Myself stimulated the same scenario in a VM and ended up with the same situation.</P><P>Kindly assist whether the IPS Blades will inspect traffic based on the Blades enabled in the General profile or profile inside the Threat prevention.</P><P>Firewall- R80.10</P> Mon, 20 May 2019 19:24:27 GMT https://community.checkpoint.com/t5/General-Topics/IPS-Blade-is-preventing-but-not-enabled/m-p/53932#M10776 sajin 2019-05-20T19:24:27Z https://community.checkpoint.com/t5/General-Topics/IPS-Blade-is-preventing-but-not-enabled/m-p/53937#M10779 If you've disabled the blades in the General Properties of the relevant gateway object, then the blades should not be active irrespective of the Threat Prevention profile assigned.<BR />For any of these changes to take effect, the policy must be pushed to the relevant gateway.<BR />For R80.x gateways, you can push just the Threat Prevention profile.<BR />For R77.x gateways with IPS, you also need to push the Access Control policy. Mon, 20 May 2019 20:49:45 GMT https://community.checkpoint.com/t5/General-Topics/IPS-Blade-is-preventing-but-not-enabled/m-p/53937#M10779 PhoneBoy 2019-05-20T20:49:45Z https://community.checkpoint.com/t5/General-Topics/IPS-Blade-is-preventing-but-not-enabled/m-p/53939#M10781 <P>What is being enforced is probably the "Inspection Settings" part of the Access Control policy on your R80.10 gateway.&nbsp; These will be enforced separate from any part of Threat Prevention, have you checked there?&nbsp; Inspection Settings used to part of IPS in R77.30 which can be a bit confusing...</P> Mon, 20 May 2019 22:23:08 GMT https://community.checkpoint.com/t5/General-Topics/IPS-Blade-is-preventing-but-not-enabled/m-p/53939#M10781 Timothy_Hall 2019-05-20T22:23:08Z