Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Iron

IPS - Basics Protections

Hello

I want to know if there are some specific information about basic IPS Signatures.

We have an external IPS (Main) but we need to enable some signatures in CheckPoint Firewall to protect if any signature escaped from the main IPS.

Thanks.

Regards.

0 Kudos
6 Replies
Admin
Admin

Re: IPS - Basics Protections

Not clear on what your question is.
0 Kudos
Highlighted

Re: IPS - Basics Protections

We have like 9000 signatures (or more maybe). I highly suggest you to check which protections are enabled the IPS default profile.

You can also use filters or categories to see specific signatures (ie: linux, wordpress, etc)

Hope it helps

_____

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos
Highlighted
Iron

Re: IPS - Basics Protections

Thank you Federico.

And from the Inspection Settings from "Shared Policies". I would like to protect my infraestructure from attacks like SYN FLOOD.

How its works de Inspection Settings signatures? 

Thank you

 

0 Kudos
Highlighted

Re: IPS - Basics Protections

First off, I'm assuming that you are using R80.10 or later on your gateway.  In R80.10+ there are essentially four separate types of signatures/protections that were formerly all part of IPS in R77.30 and earlier:

  1. IPS ThreatCloud Protections (part of Threat Prevention)
  2. Core Protections (part of Access Control...sort of)
  3. Inspection Settings (part of Access Control)
  4. Geo Policy (part of Access Control)

If you still have R77.30 or earlier gateways management of IPS is much more complicated.  I'm happy to answer specific questions about IPS that were covered in my IPS Immersion course, but I'd suggest reading the relevant Check Point IPS documentation first as this is a rather large topic.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Iron

Re: IPS - Basics Protections

My version of gateway is R80.20SP and the managment also.

We have a 64000 appliance. My specific question is for Inspection Settings (part of Access Control).

 

 

0 Kudos