cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Admin Not to be Blocked in Case of DOS

Hi

I am running a Compliance Check on all of My Checkpoint Firewalls. I am running R77.30 on all appliances (Management + Gateway)

I would like to know if there is any way to Setup "Admin" not to be blocked in case of a DOS

0 Kudos
4 Replies
Employee++
Employee++

Re: Admin Not to be Blocked in Case of DOS

Hi

If you are running the Security Management Server on a different appliance and not connecting through the Security Gateway, there should be a problem since the Security Management Server will be protected and not under load.

Tal

0 Kudos

Re: Admin Not to be Blocked in Case of DOS

My Management is a Separate Appliance

0 Kudos
Wolfgang
Gold

Re: Admin Not to be Blocked in Case of DOS

Ravindra_Katrag,

you can use priotity queues Firewall Priority Queues in R77.30 / R80.10 and above

###############################################################

Packets could be dropped by Firewall when CPU cores, on which Firewall runs, are fully utilized. Such packet loss might occur regardless of the connection's type (for example, local SSH or connection to Security Management Server server).

To help mitigate the above issue, Firewall Priority Queues feature was introduced in R77.30 Security Gateway.

################################################################

or if your gateway has enough CPUs you can use the new management plane feature in R80.30 to separate the .

See this thread from Danny New! R80.30 feature: Management Data Plane Separation (for gateways with 8+ cores)

 

Wolfgang

0 Kudos

Re: Admin Not to be Blocked in Case of DOS

Thank you

0 Kudos