cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

IPS Protection filter

Hi,

 

I want to understand what is dynamic and static IPS Protection. Also if we applied optimize profile then do basic profile still work?

 

Thanks

3 Replies
Highlighted

Re: IPS Protection filter

I'm not familiar with the terms "static" and "dynamic" being used to describe IPS Protections/Signatures.  Perhaps you are referring to IPS ThreatCloud Protections which can be dynamically updated from the Check Point ThreatCloud, while IPS Core Protections and Inspection Settings (formerly part of IPS but now part of the Access Policy in R80.10+) are "static", ship with the product as-is, and cannot be updated from the ThreatCloud?

As far as your profile question, it depends on the version of the gateway.   R77.30 and earlier gateways could only have one IPS Profile applied to traffic that was configured on the gateway object itself as the Protected Scope.  R80.10+ gateways can have multiple IPS Profiles applied to different types of traffic via rules in the Threat Prevention policy.

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted

Re: IPS Protection filter

 Management server R80 and gateway R77.30. Only optimize profile has been enabled but when i checked IPS log and click on go to IPS profile, i would take me to the basic profile. Not Optimize one.

 

Refer screen capture for static and dynamic protection.

 

static-dynamic protection.PNG 

0 Kudos
Highlighted

Re: IPS Protection filter

Specifically what is the version of your SMS, just R80 and not R80.XX right?

OK I see now, "Static" in your display refers to IPS Core Protections and "Dynamic" refers to IPS ThreatCloud Protections.  Core Protections use a different profile ("Basic" in your case) than the ThreatCloud Protections.  As mentioned in my IPS Immersion class Core Protections are in a kind of no-man's land between Inspection Settings & ThreatCloud Protections and are treated differently, see this thread for more info:

https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-Core-protection-I-need-help-to-...

This question seems to come up a lot...

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos