Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
S_E_
Advisor
Jump to solution

Shared Policies | Inspection settings


hi,

perhaps a dumb question:

There is a menu Shared Policies | Inspection settings
There are a lot of paramter which you can modify.
The comment shows:
The following settings are set according to gateway settings and installed via Access Policy installation.

Are these parameter relevant for IPS/Threat prevention blade only? (firewall and IPS blade enabled)
Or are they also relevant for access policy (only firewall blade enabled)

The help section
https://sc1.checkpoint.com/documents/R81.10/SmartConsole_OLH/EN/Topics-OLH/0H3yqvdWWDGUIa-i_DgWfw2.h...
is referring to IPS/ThreatPrevention only: Use this window to view Threat Prevention protections and their settings.


Thanks
Best Regards

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

No, these have been a part of IPS once, but now are core protections installed together with the access policy and working with IPS disabled. They include e.g. protocol parsing, deep inspection, VoIP (see for example: R81.10 VoIP Administration Guide - Configuring Inspection Settings in SmartConsole).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

6 Replies
_Val_
Admin
Admin

These settings are for Threat Prevention profiles and some additional related parameters. You can define multiple profiles and apply them to different populations of the Security Gateways. 

G_W_Albrecht
Legend Legend
Legend

No, these have been a part of IPS once, but now are core protections installed together with the access policy and working with IPS disabled. They include e.g. protocol parsing, deep inspection, VoIP (see for example: R81.10 VoIP Administration Guide - Configuring Inspection Settings in SmartConsole).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
S_E_
Advisor

hi,

ok, that helps. So we will need check this section especially for 'TCP SYN Modified Retransmission' which we never saw an issue before.

Thanks. Best Regards

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Do you currently experience a TCP SYN Modified Retransmission issue ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
S_E_
Advisor

hi, there is/was an issue and we stumbled over sk63160 which points to IPS....

Best Regards

0 Kudos
the_rock
Legend
Legend

@S_E_ Thats actually really good question mate. As Val said, you can always define more profiles, but default one is called "default" and there is also "recommended". If you look at what I pointed in below screenshot, hopefully it makes sense. If you want me to do any testing in R81.20 lab, happy to do so. Cheers.

Andy

 

Screenshot_1.png

 

Screenshot_2.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events