1.  I am using the "Optimized" profile

2.  No, the IPS blade is not set to update automatically.  I do it manually every time.

3.  I think this issue has been happening for a long time but just noticed it a couple week ago.

I dont have R80.40 to test, but will check in R81.10. By the way, Im pretty sure that manually updating IPS and having new protections in staging is NOT reason why you have this problem. As a matter of fact, give me some time, will test this in R81.20 lab in a bit and see what happens. Will let you know.

Andy

Ok, so I changed my ips profile to optimized, set to update manually and set protections to staging. Pushed the policy, so let me observe and maybe I can check again tomorrow.

Andy

Sorry, dont mean to "bombard" you with updates, but here is what I currently get, same set up as what you have, but as I said, will check again tomorrow. Mind you, this is R81.20 lab, but I dont think it should make any difference.

Don't worry about bombarding me with updates.  Thank you for your help!

I noticed your profile reads "Optimized - staging".  Is that the actual name of the profile you made or is the "staging" part something that Check Point adds when you have protections in staging mode?

Exactly Mike. So what happens is, as soon as you make ANY modifications to default IPS profile(s), it will ask you to save it with another name, usually clone, but I just called it optimized-staging. I simply added staging option as per below:

Hey man,

Dont worry, I did not forget aboyt ya : - ). Anyway, I tested again today with R81.10 AND R81.20 and all is fine, IPS shows updates, version is correct, I dont see any issues. Again, apologies, I sadly dont have R80.40 to test and probably wont have time to set up a lab today. Will see if anyone has existing lab I can tap into and try this.

Hello,

Thank you for testing and providing me the results of your testing for 81.10 and 81.20.  The fact that this happens in my 80.40 production and 80.40 lab makes me think this may affect all 80.40 instances.

I am considering changing my settings so IPS protections are updated automatically on the gateways and see if that makes a difference.

I am positive in the past, probably when I was on 80.30, on the install policy screen I would receive a message stating that the threat prevention policy would update the IPS package to version xxx.  I don't have my 80.30 environment to go back to to verify.

No worries, again, Im really sorry I dont have same version to test :(. Personally, as I always like to think logically about any issue, regardless what it is, I mean, IPS had not changed drastically from R80.40 to R81.20, so in my mind, its highly unlikely this would have been a bug in R80.40. Just wondering, have you ever tried disabling/re-enabling IPS blade tso see what ahppens? Disable ips, push policy, re-enable, push policy and then configure same settings again?

Since this was really bugging me, I quickly created R80.40 lab on esxi server with SSD drives, so I could try this on R80.40. Mike, I dont have same problem, it behaves exactly how it does on R81.10 and R81.20

At this point, I can only assume its something on your end, so you may wish to involve TAC and see why its not working as expected, sorry mate.

Its all good mate...patience and IT are usually not a "known combo" lol

Cheers.

Andy