carl_t
Iron

R80 Inspection settings

Hi All

A quick question: in R80, are the inspection settings basically the application inspection as per the normal firewall settings? Is this not part of the IPS inspection?

2 Replies
Admin

Re: R80 Inspection settings

They are considered firewall settings (not IPS) and require an Access Policy install to change.
There are also a few IPS protections that are "Core" and also require an Access Policy install, even with R80.x gateways.
Pre-R80 gateways will always require an Access Policy install to update IPS.

Re: R80 Inspection settings

In general the R80+ Inspection Settings are fundamental protocol inspections that were initially bundled under the IPS blade in R77.30 and earlier, but really didn't belong under IPS since they were performed as a fundamental part of stateful inspection.  Here is an excerpt from my IPS Immersion course that explains the properties of Inspection Settings:

 

inspection_settings.jpg

• Although they were part of the IPS blade in R77.XX and earlier, Inspection Settings are now part of the Access Control policy layers and no longer part of IPS/Threat Prevention in R80+ management. They perform protocol inspection that is inherent in the gateway’s stateful inspection process, and have the following attributes:

    ◦ As shown above, Inspection Settings are part of the Access Control policy layers, so if any changes are made to them, the Access Policy needs to be installed to the gateway.
    ◦ Similarly to Core Activations, all Inspection Settings are included with a new software release, and are not updated via IPS Updates from the Check Point ThreatCloud.
    ◦ Inspection Settings Exceptions are specified separately from Threat Prevention Exceptions, so the main Threat Prevention Global exceptions DO NOT apply.
    ◦ One, some, or all Inspection Settings signatures can be specified in a single Inspection Setting Exception rule for an R80.10 gateway. For an R77.30 gateway, Inspection Settings Exceptions must be specified in the IPS layer under Threat Prevention.
    ◦ Each gateway has exactly one Inspection Settings Profile assigned to it.

Which Policy Type Should I Install After Making a Change?

This table summarizes which policy must be reinstalled to the gateway to make changes effective, depending upon which of the four “classes” of Protections were modified and the gateway version:
ips_install.jpg

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com