A quick question: in R80, are the inspection settings basically the application inspection as per the normal firewall settings? Is this not part of the IPS inspection?
In general the R80+ Inspection Settings are fundamental protocol inspections that were initially bundled under the IPS blade in R77.30 and earlier, but really didn't belong under IPS since they were performed as a fundamental part of stateful inspection. Here is an excerpt from my IPS Immersion course that explains the properties of Inspection Settings:
• Although they were part of the IPS blade in R77.XX and earlier, Inspection Settings are now part of the Access Control policy layers and no longer part of IPS/Threat Prevention in R80+ management. They perform protocol inspection that is inherent in the gateway’s stateful inspection process, and have the following attributes:
◦ As shown above, Inspection Settings are part of the Access Control policy layers, so if any changes are made to them, the Access Policy needs to be installed to the gateway.
◦ Similarly to Core Activations, all Inspection Settings are included with a new software release, and are not updated via IPS Updates from the Check Point ThreatCloud.
◦ Inspection Settings Exceptions are specified separately from Threat Prevention Exceptions, so the main Threat Prevention Global exceptions DO NOT apply.
◦ One, some, or all Inspection Settings signatures can be specified in a single Inspection Setting Exception rule for an R80.10 gateway. For an R77.30 gateway, Inspection Settings Exceptions must be specified in the IPS layer under Threat Prevention.
◦ Each gateway has exactly one Inspection Settings Profile assigned to it.
Which Policy Type Should I Install After Making a Change?
This table summarizes which policy must be reinstalled to the gateway to make changes effective, depending upon which of the four “classes” of Protections were modified and the gateway version: