I have been running SMTP reports in R77.30 showing blocked events for a long time and was getting "Sessions" in the IPS report. Now with R80.10 the same IPS SMTP report shows "Logs". The log number is much lower then the sessions number in R77.30.
What is the difference between a Session vs. Log in the newer version? It is making my metrics look like Checkpiont is not blocking as much traffic. 
Hi Tony,
There are two factors at work here: Session Logging and Log Suppression. Please see this content I recently put together explaining the difference in regards to the IPS feature. Another small excerpt of this new content is located here: Another SmartConsole Usability Issue
Module 6 – IPS Logging
Session Logging
• Although not directly related to IPS logging, R80.10+ management by default will attempt to consolidate individual connection logs into a session log. This feature is commonly confused with Log Suppression which is quite relevant to IPS logging and covered next.
• A connection log typically only contains very basic information such as Layer 3 and Layer 4 information, while a session log is a collection (or superset) of individual connections.
• A session is a period that starts when a user first accesses an application or site. During a session, the gateway records one log for each application or site that a user accesses. All activity that the user performs within the session is included in the single session log.
• Note the multiple tabs (such as “Matched Rules”) in this single log entry, don’t miss these as they contain valuable information!
• For more information about session logging see this CheckMates article (from which the above screenshot was taken) by Moti Sagey at: https://community.checkpoint.com/message/6279
• To determine the actual number of individual connections made during a session, see the Suppressed Logs field of the log (not shown above).
IPS Log Suppression
--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com
| User | Count |
|---|---|
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 2 | |
| 1 | |
| 1 |
Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Wed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSThu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cybersecurity: What’s New in Check Point’s Quantum Firewall R82Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSThu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
