cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Inspection settings block while being inactive, bug?

Helloes.

 

We had an inspection setting, TCP invalid retransmission, that we had to make an execption for, even though it is set to inactive. How can it block traffic if it's inactive in the profile, is this just a bug?

On R80.30.

0 Kudos
4 Replies

Re: Inspection settings block while being inactive, bug?

hmm, well it clears it up a bit I suppose. But I'm not that convinced it's well-known. 🤔
It should say in the manual that these doesn't support the inactive option.

Inspection settings in general seem to be quite poorly handled by checkpoint, I would say.

 

We should probably go through the profile we have active and activate the protections that you can't inactivate.

0 Kudos

Re: Inspection settings block while being inactive, bug?

I would stay with the information that can be found in Threat Prevention Administration Guide R80.30. At least, inactive protections do not put more load on the GW - after a certain span of using Detect for fine-tuning, all should be set either to Protect or Inactive.

0 Kudos

Re: Inspection settings block while being inactive, bug?

...well, there's no info at all in the Threat prevention guide about these since they're not a part of IPS. There's a little bit in the security management guide, but it's just the basics. On, off, exceptions.

They don't have staging, detect or prevent. They just have accept or drop, but the default setting is inactive which doesn't work.

0 Kudos