This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
svori
Collaborator
Collaborator
‎2023-05-03 06:37 AM
Jump to solution

Schedueled policy installs

Hi,

 

I am looking to find where schedueled policy installs are initiated from.

The reason for this is that every night i see automated threat prevention policy installs but i cannot find where they are configured.

Environment is R81.10 Take79 and it is an SMS.

There are no smart tasks configured, at least not what i can see, are they unique and only visible for each user ?

No other schedueled tasks are configured.

0 Kudos
2 Solutions

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2023-05-03 06:45 AM
Jump to solution

Look for IPS Updates settings ! Scheduled Updates can end with a policy install: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

Tal_Paz-Fridman
Employee
Employee
‎2023-05-03 06:50 AM
Jump to solution

@G_W_Albrecht is correct. Go to - SmartConsole > Security Policies > Threat Prevention > Custom Policy 

At the bottom go to - Custom Policy Tools > Updates > Schedule Update.

The second option allows you to configure when policy is installed following a successful update.

2023-05-03 16_51_13-IPS Scheduled Update.png

View solution in original post

7 Replies
G_W_Albrecht
Legend Legend
Legend
‎2023-05-03 06:45 AM
Jump to solution

Look for IPS Updates settings ! Scheduled Updates can end with a policy install: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Tal_Paz-Fridman
Employee
Employee
‎2023-05-03 06:50 AM
Jump to solution

@G_W_Albrecht is correct. Go to - SmartConsole > Security Policies > Threat Prevention > Custom Policy 

At the bottom go to - Custom Policy Tools > Updates > Schedule Update.

The second option allows you to configure when policy is installed following a successful update.

2023-05-03 16_51_13-IPS Scheduled Update.png

svori
Collaborator
Collaborator
‎2023-05-03 06:54 AM
In response to Tal_Paz-Fridman
Jump to solution

Should not be necessary if gateway is configured to update IPS itself right ?

0 Kudos
the_rock
Legend
Legend
‎2023-05-03 07:17 AM
In response to svori
Jump to solution

Still needs to enabled manually.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-05-03 07:41 AM
In response to svori
Jump to solution

This is found here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...

Check Point wants the customer to be protected. When a protection update is available, Check Point wants the configuration to be automatically enforced on the gateway. You can configure automatic gateway updates for Anti-Virus, Anti-Bot, Threat Emulation and IPS.

For Anti-Virus, Anti-Bot and Threat Emulation, the gateways download the updates directly from the Check Point cloud.

For IPS, prior to R80.20, the updates were downloaded to the Security Management Server, and only after you installed policy, the gateways could enforce the updates. Starting from R80.20, the gateways can directly download the updates. For R80.20 gateways and higher with no internet connectivity, you must still install policy to enforce the updates.

When you configure automatic IPS updates on the gateway, the action for the newly downloaded protections is by default according to the profile settings.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
svori
Collaborator
Collaborator
‎2023-05-03 07:50 AM
In response to G_W_Albrecht
Jump to solution

Not sure if that is correct any longer:

"For IPS, prior to R80.20, the updates were downloaded to the Management server, and only after you installed policy, the gateways could enforce the updates. Starting from R80.20, the gateways can directly download the updates. For R80.20 gateways and higher with no internet connectivity, you must still install policy to enforce the updates"

Please correct me if am wrong but if gateway HAS internet access then this scheduled install is not needed according to above text from documentation.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-05-03 07:59 AM
In response to svori
Jump to solution

If the GW is configured to install Updates and has internet access, scheduled policy install is not necessary. You will only need a policy install when changing IPS protection settings.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top