- Products
- Learn
- Local User Groups
- Partners
- More
On-Premise SD-WAN Management
Register HereWhat's New in R82.10?
Watch Here AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
The Moment Before
Check Point’s Intrusion Prevention System (IPS) is a core component of Threat Prevention, providing proactive protection against a wide range of network threats. Over time, the IPS engine and its signature formats have evolved, leading to the coexistence of "normal" and "version 2 (Ver 2)" signatures. This post explains the technical reasons for maintaining both, their architectural differences, and best practices for deployment.
IPS Architecture Overview
Check Point IPS uses a multi-layered detection engine:
IPS Inspection Flow Diagram
Traffic is processed through multiple analysis stages, with signatures applied at different protocol layers.
Normal vs. V2 Signatures: Technical Comparison
| Feature | Normal Signature | V2 Signature (INSPECTv2) |
|---|---|---|
| Detection Engine | Classic Pattern Matcher | INSPECTv2 (advanced engine) |
| Coverage | Known threats | New threats, evasive techniques, improved accuracy |
| Performance | Lower resource usage | May require more CPU/memory, but optimized for accuracy |
| Compatibility | Legacy gateways | Modern gateways (R80+) |
| Update Frequency | Less frequent | Updated regularly |
Why Maintain Both Signature Types?
Performance Considerations
Best Practices for Managing Signature Versions
Summary
References
The way to search for subscriptions without needing a special login
So if IPS Explorer is not available, what other means do we have to find out the exact pattern the IPS protection matched on?
To my knowledge, there is no way to see what a given IPS signature matches.
Hi @AlbertoThree , sorry for the delay in responding, but I found a website where we can verify the signatures and what they protect. Here are the links.
https://advisories.checkpoint.com/advisories/
https://threatwiki.checkpoint.com/threatwiki/public.htm
Thanks for the info!
You're welcome, we're here to help each other. Actually, I wrote another article on how to do this research; here's the link.
https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-Signature-Evidence-the-shor...
I think this is totally on topic, @AlbertoThree , as @Timothy_Hall said, you need a screenshot of the video to see more details. You can add them here, like in the screenshot.
Thanks @WiliRGasparetto and @WiliRGasparetto for your answers!
As soon as I am back in the office I will take a look at IPS explorer as well as review the settings.
You're welcome, count on us anytime for this and other matters.
I wrote another article related to EPS troubleshooting; it's worth reading at the link.
https://community.checkpoint.com/t5/Firewall-and-Security-Management/IPS-How-to-Filter-Events-by-CVE...
Hi everyone, I found where to search for subscriptions and wrote an article about it.
https://community.checkpoint.com/t5/Firewall-and-Security-Management/CVE-Signature-Evidence-the-shor...
Very nice post indeed
Thank you
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 70 | |
| 23 | |
| 7 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 |
Tue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY