Kamiar_Sh
Contributor

update IPS on R77.30 clusters

Hi, I have 3 cluster gateways managed by Gaia R77.30 (complex network with 300 site-to-site VPNs and multiple servers) and I want to update IPS on each gateway. These are my questions:

1- What prerequisites are needed before starting the update?

2- What potential impact should I expect?

3- And how to troubleshoot if any impact happens?

4- Is there any backout plan?

I'd appreciate it if you can share your experiences.

2 Replies
G_W_Albrecht
Legend

I would suggest a manual IPS Update to the SMS, followed by a policy install. If the GWs have experienced no issues during policy install in the past and the load during it is not high, this is the way to go.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Lari_Luoma
Ambassador

1. Check Point User Center credentials and Internet access from the SmartConsole machine are needed in R77.30 (for manual IPS update). In R80.20 you can specify whether you want to run the manual update from the SC machine, management server or gateway. SmartEvent is highly recommended for IPS reporting and visibility.

2. To minimize impact and false positives, it's recommended that when you first deploy IPS you enable it in detect mode for a period of a couple of weeks. After this you analyze all possible IPS events using SmartEvent and tune the protections accordingly.

3. R77.30 has a special troubleshooting mode that will change all (most) protections into detect mode. If you see that some legitimate traffic is dropping, add an exception for it.

4. Backout plan is to enable troubleshooting (R77.x) or detect mode (in R80.x) and install policy.
