Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copper

Can checkpoint Inspection Settings exceptions select only one wall?

Dear  Engineer

     Can checkpoint Inspection Settings exceptions select only one wall?

1122.png1123.png

0 Kudos
3 Replies
Highlighted

Selecting more than one gateway here (other than "Any" which means all gateways) is not allowed.  To make this possible a nonexistent object type called "Gateway Group" would be needed; a usual network object group can't be selected here even if it only contains gateway/cluster objects.  There is nothing stopping you from creating multiple identical exceptions and applying each of them to a separate single gateway/cluster however.

Also be aware of the following notes concerning Inspection Settings exceptions quoted from my IPS Immersion course:

Spoiler
◦ Inspection Settings Exceptions are specified separately from Threat Prevention Exceptions, so the main Threat Prevention
Global exceptions DO NOT apply.
◦ One, some, or all Inspection Settings signatures can be specified in a single Inspection Setting Exception rule for an R80.10
gateway. For an R77.30 gateway, Inspection Settings Exceptions must be specified in the IPS layer under Threat Prevention.
◦ Each gateway has exactly one Inspection Settings Profile assigned to it.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Copper

In the Install on installation option, I did not find the gateway object to install.Have you ever had this problem? I need your help

111.png

0 Kudos
Highlighted
Sapphire

I would suggest to contact TAC with this issue !

0 Kudos