BeaconBits
Contributor

How packet flow works inside the IPS blade..?

Hello Everyone,

 

I am troubleshooting one of the issues that involves the IPS.

But I'm unable to understand the IPS behaviour in terms of packet flow inside the IPS blade.

 

Can anyone share the IPS structure in the Check Point firewall?

The administrative document does not explain well instead of configuration.

 

Regards,

B

0 Kudos
5 Replies
Danny
Champion

  • SecureKnowledge sk95193: ATRG IPS
0 Kudos
Nick_Doropoulos
Advisor

Hi B,

I take it that you have already consulted the ATRG IPS document and that it has not provided you with the requested information.

Could you please elaborate on the exact problem you are facing, in case we can help?

Thanks.

0 Kudos
Timothy_Hall
Champion

As far as IPS and its related features, it goes more or less like this in R80.10+:

1) Geo Policy Enforcement

2) Inspection Settings enforcement as part of Access Policy

3) Core Activations & ThreatCloud Protections early in the Threat Prevention policy

Please provide what problem you are looking to solve and the gateway version, as IPS is implemented quite differently in R77.30 and earlier.

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Lari_Luoma
Ambassador

More technical, but still very simplified steps. Go ahead and read the IPS ATRG as recommended earlier.

  1. Passive Streaming (PSL)
    1. Re-ordering of packets
  2. Unified Streaming and ASPII
    1. US decides which parser will handle this traffic
    2. ASPII decides which protections to run for this traffic
  3. Protocol Parsers
    1. Parse protocols for RFC compliance etc. and recognize contexts.
    2. Inspection settings and core protections are executed here.
  4. CMI
    1. Receives contexts from parsers.
    2. Executes relevant protections to traffic.
    3. Returns result to parsers
0 Kudos
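
The four steps listed in the reply above, as a simplified conceptual model. This is an added example, not Check Point code and not part of the original post; the function names, the context names and the single protection are hypothetical, and the sample segments are constructed.

```python
import re

# Constructed sample: one HTTP request split over three TCP segments that arrive
# out of order, as (sequence_number, payload). Every name here is hypothetical.
SEGMENTS = [
    (16, b"asswd HTTP/1.1\r\n"),
    (0, b"GET /../../etc/p"),
    (32, b"Host: example.test\r\n\r\n"),
]

# Pattern protections are bound to a parser context, not to raw packets.
PROTECTIONS = [("Sensitive file path in URL", "http_url", re.compile(rb"/etc/passwd"))]

def psl_reorder(segments):
    """Step 1 (PSL): restore sequence order and hand over the byte stream."""
    return b"".join(payload for _, payload in sorted(segments))

def select_parser(stream):
    """Step 2 (Unified Streaming): decide which parser handles the stream."""
    return http_parser if re.match(rb"(GET|POST|HEAD) ", stream) else None

def http_parser(stream):
    """Step 3: protocol checks run in the parser itself; contexts are extracted."""
    request_line, _, headers = stream.partition(b"\r\n")
    parts = request_line.split(b" ")
    if len(parts) != 3:
        return ["Malformed HTTP request line"], {}
    contexts = {"http_method": parts[0], "http_url": parts[1]}
    for line in headers.split(b"\r\n"):
        name, sep, value = line.partition(b": ")
        if sep and name.lower() == b"host":
            contexts["http_host"] = value
    return [], contexts

def cmi_inspect(contexts):
    """Step 4 (CMI): run the protections relevant to the received contexts."""
    return [name for name, ctx, rx in PROTECTIONS
            if ctx in contexts and rx.search(contexts[ctx])]

def inspect(segments):
    stream = psl_reorder(segments)
    parser = select_parser(stream)
    if parser is None:
        return []  # no parser claimed the stream
    violations, contexts = parser(stream)
    return violations + cmi_inspect(contexts)

if __name__ == "__main__":
    print(inspect(SEGMENTS))
```

No single segment in the sample contains the protected pattern; it only matches once the stream has been reordered and the URL context extracted, which is why the streaming and parsing steps come before the protections run.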
PhoneBoy
Admin
