Core Activations (39 total) exist in a kind of “no–man’s land” between ThreatCloud Protections and Inspection Settings for technical reasons. They typically enforce protocol standards via a protocol parser. Core Activations are assigned to a firewall using a separate profile, that is NOT applied to a firewall in the TP/IPS policy layers. They have the following attributes:
• Instead of the typical Inactive/Prevent/Detect options for each Core Activation, “See Details...” appears instead
• Exceptions can only be added for a single Core Activation signature at a time, and the main Threat Prevention Global & Custom Exceptions DO NOT apply
• Core Activations ship with the product and are not modified or augmented by updates from the Check Point ThreatCloud
• Under R80+ management, if configuration changes are made to existing Core Activations, they can be made active on the gateway by:
◦ R77.XX gateway: Install the Access Control Policy
◦ R80.10+ gateway: Install the Access Control Policy (NOT Threat Prevention)
• Core Activations have a “shield with firewall” icon to designate their special status and will typically have an “Advanced” screen available where the Activation can be further tuned or adjusted.
For Core Activations, in the IPS Protections window portion of the Threat Prevention policy, search for the protection “Sweep Scan”, double-click the Sweep Scan protection then select Gateways:
There is one (and only one) profile for the 39 Core Protections assigned here, make a note of it; be aware that this profile name may well be different from the one(s) in your TP policy layer!