This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Philipp_Philipp
Participant
‎2018-07-01 11:56 PM

R80.10 Threat prevention policy enforcement order

Hello,

Can you please clarify the order of processing rules in R80.10 Threat Prevention policy, using single layer?

For example, if the first rule(where only Threat Emulation is enabled in profile) is matched, will other rules be checked?

I mean, other rules with Antivirus, for instance.

So, the rule base will look like this:

1   any    any   Profile1(Threat Emulation only)

2   any   any   Profile2(Antivirus and IPS)

Will traffic be checked with Antivirus and IPS here?

Thank you in advance.

2 Replies
Tomer_Sole
Mentor
Mentor
‎2018-07-02 01:07 AM

Hi, it depends on the type of the traffic.

IPS traffic will look for the IPS rule. AV traffic will look for the AV rule, etc.

regarding multiple layers and rules, see https://community.checkpoint.com/message/16963-re-editing-policy-from-no-layers-to-2-layers 

Philipp_Philipp
Participant
‎2018-07-09 11:59 PM
In response to Tomer_Sole

Thank you Tomer!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top