Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Quinn_Yost
Contributor
Jump to solution

Compliance: Option to not analyze CP default IPS profiles

I've looked and tried to find an option to not analyze the default Check Point IPS profiles.   In my test configuration, I have created a new profile and tuned it for performance and compliance.  All my gateways are set to use this profile.  However, when the compliance engine runs, it continues to report "Poor" status for some IPS checks because the "Default Inspection" profile fails to meet compliance.

Have I missed a setting, or is this something else that will need a future release to address?

0 Kudos
1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor

Just to clarify: In R80 and R80.10 you can uncheck the checkbox next to an IPS profile object in every broken best-practice. This will deactivate the object on the specific best-practice. So this is the workaround. And if that object happens to be a Gateway, you can take it out of the scope of Compliance blade. In the future, we are planning to deactivate all best practices for any type of object.

View solution in original post

0 Kudos
2 Replies
Tomer_Sole
Mentor
Mentor

Hi Quinn, this is a limitation of R80 that we will resolve in our next releases.

0 Kudos
Tomer_Sole
Mentor
Mentor

Just to clarify: In R80 and R80.10 you can uncheck the checkbox next to an IPS profile object in every broken best-practice. This will deactivate the object on the specific best-practice. So this is the workaround. And if that object happens to be a Gateway, you can take it out of the scope of Compliance blade. In the future, we are planning to deactivate all best practices for any type of object.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events