Announcing General Availability
for Harmony Connect Windows App
CheckMates Go:
Schrödinger’s Patch
End of Support Policy Update
For R80.10 Release
Tomer_Sole
Tell us how you do your IPS.
Are you satified with the default definitions?
Do you start with the default Check Point profiles and customize? If so, what do you typically change? Do you change the default levels of confidence/severity/performance? Do you add Additional Inspection By Tags? Change the Threat Emulation/Threat Extraction settings? Disable Staging? Please share.
Please note I am referring to changing the profile, not disabling individual protections.
| Just the Check Point "Recommended" Profile | 1 |
| Just the R80.10 Check Point "Optimized" Profile | 2 |
| Few of the Check Point Profiles ("Optimized", "Strict", "Basic" and "Recommended") | 0 |
| 1-2 profiles which I cloned from the default and customized. | 6 |
| 3-5 profiles which I customized | 7 |
| 6-9 customized profiles | 0 |
| 10+ customized profiles | 1 |
Tomer_Sole
Small tip: the IPS Protections page, where you can disable individual protections, by default only shows you profiles which are in use by your threat prevention policy. So if you ever created a bunch of profiles but never really used them, they will not be displayed in the IPS Protections view by default, to save you some screen real estate. But you can change it though.
If these are the profiles which I use in my policy:
Then these are the columns that I will see in the IPS Protections page:
(By the way, I haven't updated IPS lately. We now have over 8,600 protections)
You can change the columns here:
In our case this heavily depends on our customers needs. Some have just one profile - so we clone the recommended one and customize it to fit the customers applications etc.
Others do have a border, core, dmz firewall so we do have some more profiles to customize.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY