Ravoth
Participant

What are the different meanings of Redirect, Detect, Drop, Block and Prevent?

Hello Everyone,

 

We are not clear on the different meanings of keywords in Check Point such as Redirect, Detect, Drop, Block, and Prevent. Could you help to explain these keywords?

Thank you in advance!

Ravoth

Accepted Solutions
PhoneBoy
Admin

Detect and Prevent relate to the various Threat Prevention blades.
Prevent means block malicious traffic according to the configured Threat Prevention profile/settings.
Detect flags such traffic in the logs but does not impede it.
Redirect relates to UserCheck messages in logs (i.e. instead of seeing the webpage you desire, you are redirected to a Captive Portal).
Drop usually applies to Access Policy and means traffic does not get passed by the gateway.
Block is basically the same thing.

Context matters in all of the above, but that’s their general meaning.


7 Replies
_Val_
Admin

Context is important. Are you talking about certain specific blades? Also, did you read the documentation and/or search this community before asking this question?

Ravoth
Participant

Thank you for your answer!

We already searched on that keyword, but did not find anything.

Ravoth

Ravoth
Participant

Thank you @PhoneBoy!

I appreciate your explanation of the keywords. Have a great day!

Ravoth
Norbert_Bohusch
Advisor

Maybe I can explain Redirect a bit more in detail.

If you have a blade configured to Block/Prevent something (Anti-Virus, URL-Filtering, whatever), the gateway sends a redirect to the client to show the block page. If this redirect is not followed by the client, then the action in the log is redirect, telling you that he didn't see the block.

The reason for this is that the blocked/prevented connection is either a background connection (not done by a browser) or a part of the page like advertisements, etc., and because of that is not followed by the browser.

Jeremy_Requena
Employee Alumnus

Hey DWA, with Drop, I was under the assumption the gateway just swallows the packet without notifying the sender/source. 

With Block, the gateway drops the packet and sender/source is given a response.  

Is that correct?

PhoneBoy
Admin

Drop can only be done for unestablished connections, and yes, no response is sent.
Block is similar to Reject, meaning a TCP Reset or ICMP Unreachable is sent. 
The primary difference: Reject is for unestablished connections, Block is for established ones.
