Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tomer_Sole
Mentor
Mentor

How many IPS Profiles do you use?

Tell us how you do your IPS. 

Are you satified with the default definitions?

Do you start with the default Check Point profiles and customize? If so, what do you typically change? Do you change the default levels of confidence/severity/performance? Do you add Additional Inspection By Tags? Change the Threat Emulation/Threat Extraction settings? Disable Staging? Please share.

Please note I am referring to changing the profile, not disabling individual protections.

Just the Check Point "Recommended" Profile1
Just the R80.10 Check Point "Optimized" Profile2
Few of the Check Point Profiles ("Optimized", "Strict", "Basic" and "Recommended")0
1-2 profiles which I cloned from the default and customized.6
3-5 profiles which I customized7
6-9 customized profiles0
10+ customized profiles1
0 Kudos
2 Replies
Tomer_Sole
Mentor
Mentor

Small tip: the IPS Protections page, where you can disable individual protections, by default only shows you profiles which are in use by your threat prevention policy. So if you ever created a bunch of profiles but never really used them, they will not be displayed in the IPS Protections view by default, to save you some screen real estate. But you can change it though.

If these are the profiles which I use in my policy:

Then these are the columns that I will see in the IPS Protections page:

(By the way, I haven't updated IPS lately. We now have over 8,600 protections)

You can change the columns here:

0 Kudos
Manuel_Kuback
Contributor

In our case this heavily depends on our customers needs. Some have just one profile - so we clone the recommended one and customize it to fit the customers applications etc.

Others do have a border, core, dmz firewall so we do have some more profiles to customize.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events