cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
sajin
Nickel

IPS Blade is preventing but not enabled

I enabled Threat Prevention Blade and later disabled all Threat Prevention Blades from Policies and Layers and General properties of the Firewall but could see IPS  and AB traffic in the logs which is DETECT and PREVENT. In SSH , "enabled_blades" it doesn't show the Threat Prevention Blades. The logs shows the OPTIMIZED profile is being blocked but there is no Threat Prevention in the policies. When i click OPTIMIZE profile in the log it takes me to READ ONLY MODE where in the Threat Prevention i could see the OPTIMIZED profile is enabled with all Blades. 

Closed the READ ONLY page and enabled back the THREAT PREVENTION Blade with IPS, AV, AB and  created a new profile disabling all the Blades and installed policy. Later again disabled Threat Prevention. Now am not able to see any Threat prevention Logs.

In the CPVIEW i could see the Threat prevention Blades enabled but not in "enabled_blades". Myself stimulated the same scenario in a VM and ended up with the same situation.

Kindly assist whether the IPS Blades will inspect traffic based on the Blades enabled in the General profile or profile inside the Threat prevention.

Firewall- R80.10

Tags (1)
0 Kudos
2 Replies
Admin
Admin

Re: IPS Blade is preventing but not enabled

If you've disabled the blades in the General Properties of the relevant gateway object, then the blades should not be active irrespective of the Threat Prevention profile assigned.
For any of these changes to take effect, the policy must be pushed to the relevant gateway.
For R80.x gateways, you can push just the Threat Prevention profile.
For R77.x gateways with IPS, you also need to push the Access Control policy.
0 Kudos

Re: IPS Blade is preventing but not enabled

What is being enforced is probably the "Inspection Settings" part of the Access Control policy on your R80.10 gateway.  These will be enforced separate from any part of Threat Prevention, have you checked there?  Inspection Settings used to part of IPS in R77.30 which can be a bit confusing...

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos