Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Amit_Singh4
Participant
Jump to solution

Why are some of IPS signatures showing as inactive in R80.10?

R80.10 - Why some of IPS signatures showing as inactive?

IPS SignaturesIPS Signatures

 

This is the profile configuration.

Profile Configuration.png

  Updates.png

 Configuration.png

 

 Additional Activation.png

 

I have gone through the one of post as given below:-

https://community.checkpoint.com/t5/Policy-Management/IPS-Protections-in-Detect-Staging/td-p/15373

But my profile setting is not anything in inactive mode. So trying to understand why few signatures still as in inactive.

Thanks & Regards

Amit

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion

All IPS signatures showing as Inactive in your screenshot have a performance impact rating of High or Critical.  Your TP profile states that all signatures with a performance impact of Medium or lower should be activated, thus inactivating all signatures with a High or Critical performance impact.  Activating IPS signatures with a High or Critical performance impact can have an adverse effect on firewall CPU load, as IPS signatures with a performance rating of High are handled approximately 50% in the Medium Path/PXL and 50% in the Firewall Path/F2F, while signatures with a Critical performance impact are handled 100% in the Firewall Path/F2F.  This adverse performance impact can be particularly noticeable on firewalls with less than 8 cores.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

2 Replies
Timothy_Hall
Champion
Champion

All IPS signatures showing as Inactive in your screenshot have a performance impact rating of High or Critical.  Your TP profile states that all signatures with a performance impact of Medium or lower should be activated, thus inactivating all signatures with a High or Critical performance impact.  Activating IPS signatures with a High or Critical performance impact can have an adverse effect on firewall CPU load, as IPS signatures with a performance rating of High are handled approximately 50% in the Medium Path/PXL and 50% in the Firewall Path/F2F, while signatures with a Critical performance impact are handled 100% in the Firewall Path/F2F.  This adverse performance impact can be particularly noticeable on firewalls with less than 8 cores.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Amit_Singh4
Participant
Thank You Tim.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events