https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247034#M41300 <P>I had not seen that in some time, so dont believe it would be a "thing"</P> <P>Andy</P> Tue, 22 Apr 2025 18:26:55 GMT the_rock 2025-04-22T18:26:55Z https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247032#M41299 <P>Hello All --&nbsp;</P> <P>More than decade ago (10-15yrs), I recall a customer working with TAC to setup DEF file that effectively passed any/all inspection for gateway on specific traffic.&nbsp; &nbsp;In this case, the traffic of concern was backup traffic that was hammering the gateway.&nbsp; &nbsp; The traffic was very specific and could be granularly identified by specific src:dst/port rules.&nbsp;</P> <P>Is this still a "thing"??&nbsp; &nbsp;&nbsp;</P> <P>Alternatively, we could create a NULL Treat Prevention policy and apply to the traffic.&nbsp; &nbsp;I understand from other Tim Hall comment on related post that Null TP policy is appropriate over exception.&nbsp; &nbsp;The latter processes all traffic and simply does not apply TP.&nbsp;</P> <P>Thanks -GA</P> <P>&nbsp;</P> <P>reference other posts on lack of documentation on INSPECT code?</P> <P><A href="https://community.checkpoint.com/t5/API-CLI-Discussion/INSPECT-language/td-p/52145" target="_blank">https://community.checkpoint.com/t5/API-CLI-Discussion/INSPECT-language/td-p/52145</A></P> <P>also Tim Hall comment on TP exception:</P> <P><A href="https://community.checkpoint.com/t5/Management/Is-it-possibly-to-bypass-the-Threat-Prevention-Emulation-blade/m-p/86154/highlight/true#M13862" target="_blank">https://community.checkpoint.com/t5/Management/Is-it-possibly-to-bypass-the-Threat-Prevention-Emulation-blade/m-p/86154/highlight/true#M13862</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 22 Apr 2025 18:10:27 GMT https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247032#M41299 Garrett_DirSec 2025-04-22T18:10:27Z https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247034#M41300 <P>I had not seen that in some time, so dont believe it would be a "thing"</P> <P>Andy</P> Tue, 22 Apr 2025 18:26:55 GMT https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247034#M41300 the_rock 2025-04-22T18:26:55Z https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247045#M41304 <P>Can it still be done via .def files? Quite likely.<BR />However, we typically recommend using fast_accel these days, which doesn't require editing .def files (but does involve CLI commands on each gateway).</P> Tue, 22 Apr 2025 20:38:44 GMT https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247045#M41304 PhoneBoy 2025-04-22T20:38:44Z https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247049#M41306 <P>Fast accel Phoneboy mentioned is definitely your answer, so I would go with that.</P> <P>Andy</P> <P><A href="https://support.checkpoint.com/results/sk/sk156672" target="_blank">https://support.checkpoint.com/results/sk/sk156672</A></P> Tue, 22 Apr 2025 20:55:14 GMT https://community.checkpoint.com/t5/General-Topics/INSPECT-code-in-DEF-file-to-bypass-traffic-inspection-still-a/m-p/247049#M41306 the_rock 2025-04-22T20:55:14Z