
Need to know how IPS works in checkpoint

Hi All,

I am facing problem to deploy IPS on checkpoint R77.30. I enabled the IPS blade. I was looking if there is any specific policy we need to create for IPS as well but found there are only profiles. At the moment my gateway is set to default protection profile ( behavior: Prevent). From internal host, i tried to download a malware file however my browser declined the file saying this file has malicious content but i not able to find logs in smart view tracker or smart view event. Can anyone guide how i can deploy IPS and test. 

Thanks

2 Replies
Admin

Re: Need to know how IPS works in checkpoint

Note that malware (depending on what it is) may not necessarily be caught by IPS, but rather Anti-Virus or Threat Emulation/Extraction.

Also, if the traffic is encrypted, you'll also need HTTPS Inspection to see the traffic.

For IPS specifically, I would start here: Best Practices - IPS 

Generally you should be using the Recommended (versus the Default) profile in R77.30.

In R80.10, the Optimized profile is appropriate for most customers.

Re: Need to know how IPS works in checkpoint

The guide for you is this:

"i not able to find logs in smart view tracker or smart view event": please try to search "blade:IPS" on the logs & monitoring logs to find the relevant log item. 
