Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kb1
Collaborator

Does using ips detection profile on R80.20 going to drop traffic?

So i enabled ips detection profile on the firewalls and , did not select prevent and only detect, is that going to block some connections? because we did start having issues suddenly with traffic being dropped and im starting to think thats its related to this although detect mode is not supposed to drop anything, i havent tried disabling ips to see if it fixes the issues yet though.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

How are you observing these drops?
Keep in mind enabling IPS even in detect mode will have performance impact, especially if you haven’t enabled blades other than firewall and VPN previously.

0 Kudos
kb1
Collaborator

So i just wanted to confirm here since yourself and other checkpoint gurus would know better, i did ask my team and they are saying that me enabling the ips detetcion profiles and the issues are not related at all but i still just want to confirm here, also there shouldnt be any issues with the performance of the firewalls as the cpu usage never goes beyond 13 percent for both cluster members even now after enabling the ips detection profiles.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

A part of IPS is working even when IPS Blade is disabled - these core protections e.g. drop malformed packets. So there might be trouble with some legacy equipment connections (often encountered in industry or medical business) core protections that need an exclusion (sk162493).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events