Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
carl_t
Contributor

Core protections profile in IPS

Hi All

Can anyone tell me about core protections in IPS?

On our setup, we have the firewalls set to recommended IPS profile, there is a core protections profile that I can also see, what are these core protections, do they apply to all firewalls as well as the recommended policy? or is it one or the other?

secondly, I have found that if we apply an ips exceptions policy to "any" object it doesnt work, we have to apply to the specific firewall for it to work, any ideas?

 

0 Kudos
2 Replies
G_W_Albrecht
Legend
Legend

Core Protections are enforced in dedicated profiles per Security Gateway and installed with the Access Control Policy. Exceptions to Core Protections must be applied to the profile that is assigned to the specific Security Gateway.

See sk122102: Traffic is dropped by IPS blade, while the protection is set to Inactive or Detect and sk162493: Adding an exception to IPS Core Protection does not take effect !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Timothy_Hall
Champion
Champion

For technical reasons the 39 Core Protections/Activations sit in kind of a "no man's land" between Access Control and Threat Prevention.  As you noticed there is a separate profile assigned to control these and a separate set of exceptions that is not directly part of the rest of Threat Prevention.  Here is some coverage from my IPS/AV/ABOT self-guided video series where I attempt to explain how to deal with these Core Activations, hopefully this will make things a bit more clear:

core1.pngcore2.pngcore3.pngcore4.pngcore5.pngcore6.pngcore7.png

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events