cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Quinn_Yost
Nickel

Compliance: Option to not analyze CP default IPS profiles

Jump to solution

I've looked and tried to find an option to not analyze the default Check Point IPS profiles.   In my test configuration, I have created a new profile and tuned it for performance and compliance.  All my gateways are set to use this profile.  However, when the compliance engine runs, it continues to report "Poor" status for some IPS checks because the "Default Inspection" profile fails to meet compliance.

Have I missed a setting, or is this something else that will need a future release to address?

0 Kudos
1 Solution

Accepted Solutions

Re: Compliance: Option to not analyze CP default IPS profiles

Jump to solution

Just to clarify: In R80 and R80.10 you can uncheck the checkbox next to an IPS profile object in every broken best-practice. This will deactivate the object on the specific best-practice. So this is the workaround. And if that object happens to be a Gateway, you can take it out of the scope of Compliance blade. In the future, we are planning to deactivate all best practices for any type of object.

0 Kudos
2 Replies

Re: Compliance: Option to not analyze CP default IPS profiles

Jump to solution

Hi Quinn, this is a limitation of R80 that we will resolve in our next releases.

0 Kudos

Re: Compliance: Option to not analyze CP default IPS profiles

Jump to solution

Just to clarify: In R80 and R80.10 you can uncheck the checkbox next to an IPS profile object in every broken best-practice. This will deactivate the object on the specific best-practice. So this is the workaround. And if that object happens to be a Gateway, you can take it out of the scope of Compliance blade. In the future, we are planning to deactivate all best practices for any type of object.

0 Kudos