This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kb1
Collaborator
‎2020-08-26 08:53 PM

Does using ips detection profile on R80.20 going to drop traffic?

So i enabled ips detection profile on the firewalls and , did not select prevent and only detect, is that going to block some connections? because we did start having issues suddenly with traffic being dropped and im starting to think thats its related to this although detect mode is not supposed to drop anything, i havent tried disabling ips to see if it fixes the issues yet though.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-08-26 09:12 PM

How are you observing these drops?
Keep in mind enabling IPS even in detect mode will have performance impact, especially if you haven’t enabled blades other than firewall and VPN previously.

0 Kudos
kb1
Collaborator
‎2020-08-26 09:23 PM
In response to PhoneBoy

So i just wanted to confirm here since yourself and other checkpoint gurus would know better, i did ask my team and they are saying that me enabling the ips detetcion profiles and the issues are not related at all but i still just want to confirm here, also there shouldnt be any issues with the performance of the firewalls as the cpu usage never goes beyond 13 percent for both cluster members even now after enabling the ips detection profiles.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-08-27 12:30 AM
In response to kb1

A part of IPS is working even when IPS Blade is disabled - these core protections e.g. drop malformed packets. So there might be trouble with some legacy equipment connections (often encountered in industry or medical business) core protections that need an exclusion (sk162493).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events