Pre-R80 Security Management was blade-oriented: every blade had its own separate tab and configuration. R80 replaces the blade-oriented approach with a more fluid, task-oriented one, and when it comes to policy management, it differentiates between two worlds: Access Control and Threat Prevention.
[Screenshots: R77 and R80]
So when we open SmartConsole and navigate to Security Policies, we find that the IPS blade is inside the Threat Prevention policy, but in a separate layer. This is because the concepts for managing IPS on pre-R80 Gateways still differ from those of the other threat prevention blades (Anti-Bot, Anti-Virus, Threat Emulation and, in R80.10, Threat Extraction; for the rest of this topic we will call them "general threat prevention blades").
R80.10 Gateways will introduce changes to the IPS blade so that it shares the same enforcement concepts as the general threat prevention blades. Anything that doesn't involve upgrading a Gateway, however, is already maintained in R80 threat prevention policy management, to allow more intuitive daily work and separation from access control.
When working on threat prevention policies in R80, you may attempt to change your policy in ways that require an R80.10 Gateway. To distinguish Security Management features from Security Gateway features, see the table below.
| Action | Pre-R80 Gateways | R80.10 Gateways and Above | What happens if the user attempts to do R80.10 actions for Pre-R80 Gateways in SmartConsole? |
|---|---|---|---|
| Type of policy to install for IPS | Access Control (IPS is dependent on Firewall modules) | Threat Prevention | Install Policy dialog displays a warning message. |
| How many threat prevention layers can the user create? | If enabled, 1 IPS layer. If enabled, 1 general threat prevention layer. | As many layers as he likes. | It is impossible in SmartConsole to delete an IPS layer with rules that have pre-R80 Gateways under the "install on" column. Attempting to add more than 1 general threat prevention layer will fail policy installation. |
| Can the user use the same layer for IPS and general threat prevention blades? | No | Yes | Profiles with both blades will show the icons grayed out in layers which do not enforce them. |
| Can the user create different IPS policies? | No | Yes | The IPS layer is maintained automatically and shared in all policies. |
| Protecting specific scope by a threat prevention profile | General threat prevention blades only (not IPS). | All threat prevention blades including IPS. | Protected Scope column is not available for the IPS layer for Pre-R80 Gateways. Source and Destination columns appear instead. |
| Changing the action of an exception rule from "inactive" to "prevent/detect" | Allowed for general threat prevention blades only. | Allowed for all threat prevention blades. | A warning during install policy. Pre-R80 Gateways will not receive exceptions with modified actions. |
Please share your experience with building threat prevention policies in R80. A lot of thought was put into simplifying the policy management process while signaling the differences in enforcement. We are very interested in your feedback.