Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Parabol
Contributor

How to check if IPS is inspecting a particular traffic flow? (or any blades for that matter)

Hi all, we are trying to ascertain whether IPS specifically is inspecting a particular traffic flow, as we're having a throughput issue. The User is not experiencing the expected throughput between two IP addresses, and we're trying to understand if the firewall/IPS is influencing this.

I tried playing around with the fw monitor command with various flags, I don't see anything to indicate IPS is inspecting it.

Presumably IPS logs in SmartConsole should be visible when filtering on these IP's too if it was being inspected?

Is there any other checks I can do to be sure what inspection is being performed on the flow?

Or any other tips you could suggest when troubleshooting throughput between two IP's that I could perform would be appreciated!

Thanks

0 Kudos
2 Replies
the_rock
Legend
Legend

This is normally how I would check.

Best,

Andy

 

Screenshot_1.png

0 Kudos
Lesley
Leader Leader
Leader

If the blade is on then there is "always" an IPS check. It is on quotes because it is mistaken that if you dont see IPS logs IPS is not doing anything. If you want more performance and no IPS check, it would be best to configure fastaccel for this IP

fastaccel: https://support.checkpoint.com/results/sk/sk156672

But for fastaccel to work you need to exclude the traffic from IPS!

You can also consider to disable IPS for a second and see what it does for the traffic:

on CLI: ips off -> ips on

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events