This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
S_E_
Advisor
‎2023-03-20 03:38 AM
Jump to solution

Shared Policies | Inspection settings


hi,

perhaps a dumb question:

There is a menu Shared Policies | Inspection settings
There are a lot of paramter which you can modify.
The comment shows:
The following settings are set according to gateway settings and installed via Access Policy installation.

Are these parameter relevant for IPS/Threat prevention blade only? (firewall and IPS blade enabled)
Or are they also relevant for access policy (only firewall blade enabled)

The help section
https://sc1.checkpoint.com/documents/R81.10/SmartConsole_OLH/EN/Topics-OLH/0H3yqvdWWDGUIa-i_DgWfw2.h...
is referring to IPS/ThreatPrevention only: Use this window to view Threat Prevention protections and their settings.


Thanks
Best Regards

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend
‎2023-03-20 04:17 AM
Jump to solution

No, these have been a part of IPS once, but now are core protections installed together with the access policy and working with IPS disabled. They include e.g. protocol parsing, deep inspection, VoIP (see for example: R81.10 VoIP Administration Guide - Configuring Inspection Settings in SmartConsole).

CCSE CCTE CCSM SMB Specialist

View solution in original post

0 Kudos
6 Replies
_Val_
Admin
Admin
‎2023-03-20 04:06 AM
Jump to solution

These settings are for Threat Prevention profiles and some additional related parameters. You can define multiple profiles and apply them to different populations of the Security Gateways. 

0 Kudos
G_W_Albrecht
Legend
Legend
‎2023-03-20 04:17 AM
Jump to solution

No, these have been a part of IPS once, but now are core protections installed together with the access policy and working with IPS disabled. They include e.g. protocol parsing, deep inspection, VoIP (see for example: R81.10 VoIP Administration Guide - Configuring Inspection Settings in SmartConsole).

CCSE CCTE CCSM SMB Specialist
0 Kudos
S_E_
Advisor
‎2023-03-20 06:07 AM
In response to G_W_Albrecht
Jump to solution

hi,

ok, that helps. So we will need check this section especially for 'TCP SYN Modified Retransmission' which we never saw an issue before.

Thanks. Best Regards

 

0 Kudos
G_W_Albrecht
Legend
Legend
‎2023-03-20 06:44 AM
In response to S_E_
Jump to solution

Do you currently experience a TCP SYN Modified Retransmission issue ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
S_E_
Advisor
‎2023-03-20 07:56 AM
In response to G_W_Albrecht
Jump to solution

hi, there is/was an issue and we stumbled over sk63160 which points to IPS....

Best Regards

0 Kudos
the_rock
Legend
Legend
‎2023-03-20 06:12 AM
Jump to solution

@S_E_ Thats actually really good question mate. As Val said, you can always define more profiles, but default one is called "default" and there is also "recommended". If you look at what I pointed in below screenshot, hopefully it makes sense. If you want me to do any testing in R81.20 lab, happy to do so. Cheers.

Andy

 

Screenshot_1.png

 

Screenshot_2.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events