- CheckMates
- :
- Products
- :
- General Topics
- :
- Does using ips detection profile on R80.20 going t...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does using ips detection profile on R80.20 going to drop traffic?
So i enabled ips detection profile on the firewalls and , did not select prevent and only detect, is that going to block some connections? because we did start having issues suddenly with traffic being dropped and im starting to think thats its related to this although detect mode is not supposed to drop anything, i havent tried disabling ips to see if it fixes the issues yet though.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How are you observing these drops?
Keep in mind enabling IPS even in detect mode will have performance impact, especially if you haven’t enabled blades other than firewall and VPN previously.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So i just wanted to confirm here since yourself and other checkpoint gurus would know better, i did ask my team and they are saying that me enabling the ips detetcion profiles and the issues are not related at all but i still just want to confirm here, also there shouldnt be any issues with the performance of the firewalls as the cpu usage never goes beyond 13 percent for both cluster members even now after enabling the ips detection profiles.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A part of IPS is working even when IPS Blade is disabled - these core protections e.g. drop malformed packets. So there might be trouble with some legacy equipment connections (often encountered in industry or medical business) core protections that need an exclusion (sk162493).
