cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Jesus_Cano
Copper

IPS license

Hi,

We have a perimetral FW. We are thinking in buying IPS license in order to avoid attacks from outside. So i would like to clarify the next subjects about IPS license.

-License -> IPS license
- Performance -> Enabling this feature what minimum requisites are needed? We dont want to have issues about CPU/,memory .....
-Administration -> Is it necessary many work hours to configure IPS blade (signatures...)? or is almost "plug a play"

thanks a lot

0 Kudos
2 Replies

Re: IPS license

We found that most of the basic profiles for IPS cause a load increase on the the gateway of round about 1.2 times the load without IPS.

There are some predefined profiles which are working great in most cases, plus you can create you own, that could contaim all high and critical risk with low and medium impact, but only for client side protections.

Fine-tuning is something that will need to be done where and when needed. Some specifics might cause havoc, but then you can open that protection directly from logging and create a exception when you know it is a false positive.

Regards, Maarten
0 Kudos
Admin
Admin

Re: IPS license

These days, we don't sell a license just for IPS, but a package that includes it (either NGFW, NGTP, or NGTX). 

Regardless, as Maarten said, there is a performance hit when the blade is enabled.

That said, if you're already using Application Control, the performance hit may not be as great.

Your best starting point would be to use the cpsizeme tool to see where your current appliance is: The Check Point Performance Sizing Utility 

Based on this and upon consult with your local office, we can see if your existing gateway can handle enabling IPS or not.

0 Kudos