Hi All,
I am facing a problem deploying IPS on Check Point R77.30. I enabled the IPS blade. I was looking to see if there is any specific policy we need to create for IPS as well, but found there are only profiles. At the moment my gateway is set to the default protection profile (behavior: Prevent). From an internal host, I tried to download a malware file; however, my browser declined the file, saying this file has malicious content, but I am not able to find logs in smart view tracker or smart view event. Can anyone guide me on how I can deploy IPS and test it?
Thanks
Note that malware (depending on what it is) may not necessarily be caught by IPS, but rather Anti-Virus or Threat Emulation/Extraction.
Also, if the traffic is encrypted, you'll also need HTTPS Inspection to see the traffic.
For IPS specifically, I would start here: Best Practices - IPS
Generally you should be using the Recommended (versus the Default) profile in R77.30.
In R80.10, the Optimized profile is appropriate for most customers.
The guide for you is this: https://community.checkpoint.com/message/13840-r8010-ips-best-practices-guide
"I am not able to find logs in smart view tracker or smart view event": please try to search "blade:IPS" on the logs & monitoring logs to find the relevant log item.