https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/193036#M9511 <P>Yes - this is IPS AND not specific to Spark SMB.</P> Tue, 19 Sep 2023 09:06:09 GMT G_W_Albrecht 2023-09-19T09:06:09Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/188683#M9293 <P>Hello everyone.</P><P><SPAN>I have created Command injection IPS exception for </SPAN><A href="http://anywheremail.qlc.co.in/" target="_blank" rel="noopener">anywheremail.qlc.co.in</A><SPAN> domain,but firewall is preventing traffic.Added above domain to URL allowlist as well.I want to bypass IPS only,not HTTPS inspection because it's business email service.</SPAN></P><P><SPAN>Check Point's 1550 Appliance R81.10.07 - Build 430</SPAN></P><P><SPAN>All subscriptions &amp; licenses are valid,No errors in configload_status.</SPAN></P><P>&nbsp;</P> Sat, 16 Dec 2023 07:37:59 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/188683#M9293 ANANTADSULE 2023-12-16T07:37:59Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/188699#M9295 <P>Command Injection is a Core Activation (not IPS ThreatCloud Protection) and as such general Threat Prevention exceptions do not apply to it.&nbsp; You need to add a Core Activation exception by editing the Command Injection protection itself and adding the exception there.&nbsp; If that doesn't work:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk171624" target="_blank" rel="noopener">sk171624: False positive drop for "SQL Injection" and "Command Injection" IPS protections</A></P> Sat, 05 Aug 2023 14:32:02 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/188699#M9295 Timothy_Hall 2023-08-05T14:32:02Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/193022#M9510 <P>Hi Timothy,</P><P>Would this be valid for QLS250? I'm seeing the same behaviour, with traffic being dropped despite having an IPS exception.</P><P>Thanks,</P><P>Daniel&nbsp;</P> Tue, 19 Sep 2023 07:45:10 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/193022#M9510 Daniel_Cimpeanu 2023-09-19T07:45:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/193036#M9511 <P>Yes - this is IPS AND not specific to Spark SMB.</P> Tue, 19 Sep 2023 09:06:09 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/193036#M9511 G_W_Albrecht 2023-09-19T09:06:09Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/200710#M9989 <P>Hey,<BR /><BR />I am having the same problem with a 1570. Did you find a way to bypass this False Positive?<BR /><BR />Regards</P> Fri, 15 Dec 2023 10:26:08 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/200710#M9989 pedro_filipe 2023-12-15T10:26:08Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/200797#M10012 <P>You need to create Threat prevention exception for Source-LAN,Destination-any,Protection - Command injection,Service-any,Action-Inactive.</P><P>As suggested by TAC.</P><P><SPAN>The exception should apply to traffic from inside the organization to the outside. This protection is specifically for internal servers, so everything else should be excluded.</SPAN></P><P>&nbsp;</P> Sat, 16 Dec 2023 07:45:35 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/IPS-exception-not-working-QS-1550-R81-10-07/m-p/200797#M10012 ANANTADSULE 2023-12-16T07:45:35Z