
Why are some of IPS signatures showing as inactive in R80.10?


R80.10 - Why some of IPS signatures showing as inactive?

[Screenshot: IPS Signatures]

 

This is the profile configuration.

[Screenshots: Profile Configuration, Updates, Configuration, Additional Activation]

I have gone through one of the posts, given below:

https://community.checkpoint.com/t5/Policy-Management/IPS-Protections-in-Detect-Staging/td-p/15373

But my profile setting does not have anything in inactive mode, so I am trying to understand why a few signatures are still inactive.

Thanks & Regards

Amit

0 Kudos

Accepted Solutions

Re: R80.10 - Why some of IPS signatures showing as inactive?


All IPS signatures showing as Inactive in your screenshot have a performance impact rating of High or Critical.  Your TP profile states that all signatures with a performance impact of Medium or lower should be activated, thus inactivating all signatures with a High or Critical performance impact.  Activating IPS signatures with a High or Critical performance impact can have an adverse effect on firewall CPU load, as IPS signatures with a performance rating of High are handled approximately 50% in the Medium Path/PXL and 50% in the Firewall Path/F2F, while signatures with a Critical performance impact are handled 100% in the Firewall Path/F2F.  This adverse performance impact can be particularly noticeable on firewalls with less than 8 cores.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
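
The activation rule described in the accepted answer, as an added example (not code from the thread or from Check Point): a Python script that applies a "Medium or lower" performance-impact limit to a constructed protection list and reports why each entry ends up inactive. The CSV layout, the protection names and the Low rating are assumptions; only the performance-impact criterion is modelled.

```python
import csv
import io
from enum import IntEnum

# Ordered ratings. Medium, High and Critical are named in the thread; LOW is assumed.
class Impact(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4

# Firewall Path (F2F) share per rating, as stated in the accepted answer.
# It gives no figure for Medium or lower, so those stay unknown (None).
F2F_SHARE = {Impact.HIGH: 0.5, Impact.CRITICAL: 1.0}

# Constructed sample: hypothetical protection names and a hypothetical CSV layout.
SAMPLE_CSV = """protection,performance_impact
Example Protection A,Low
Example Protection B,Medium
Example Protection C,High
Example Protection D,Critical
"""

def evaluate(csv_text, limit=Impact.MEDIUM):
    """Apply a '<limit> or lower' activation rule to each listed protection."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        impact = Impact[rec["performance_impact"].strip().upper()]
        active = impact <= limit
        why = (f"{impact.name.title()} impact is above the profile limit "
               f"({limit.name.title()} or lower)")
        rows.append({
            "protection": rec["protection"],
            "state": "Active" if active else "Inactive",
            "reason": None if active else why,
            "f2f_share": F2F_SHARE.get(impact),
        })
    return rows

def override_cost(rows):
    """Count inactive protections by the F2F share they would carry if activated."""
    shares = [r["f2f_share"] for r in rows if r["state"] == "Inactive"]
    return {"inactive": len(shares), "about_half_f2f": shares.count(0.5),
            "fully_f2f": shares.count(1.0)}

if __name__ == "__main__":
    for r in evaluate(SAMPLE_CSV):
        print(r["protection"], r["state"], r["reason"] or "", sep=" | ")
```
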

Re: R80.10 - Why some of IPS signatures showing as inactive?

Thank You Tim.
0 Kudos