In general the R80+ Inspection Settings are fundamental protocol inspections that were initially bundled under the IPS blade in R77.30 and earlier, but really didn't belong under IPS since they were performed as a fundamental part of stateful inspection. Here is an excerpt from my IPS Immersion course that explains the properties of Inspection Settings:
• Although they were part of the IPS blade in R77.XX and earlier, Inspection Settings are now part of the Access Control policy layers and no longer part of IPS/Threat Prevention in R80+ management. They perform protocol inspection that is inherent in the gateway’s stateful inspection process, and have the following attributes:
◦ As shown above Inspection Settings are part of the Access Control policy layers, so if any changes are made to them, the Access Policy needs to be installed to the gateway.
◦ Similarly to Core Activations, all Inspection Settings are included with a new software release, and are not updated via IPS Updates from the Check Point ThreatCloud.
◦ Inspection Settings Exceptions are specified separately from Threat Prevention Exceptions, so the main Threat Prevention Global exceptions DO NOT apply.
◦ One, some, or all Inspection Settings signatures can be specified in a single Inspection Setting Exception rule for an R80.10 gateway. For an R77.30 gateway, Inspection Settings Exceptions must be specified in the IPS layer under Threat Prevention.
◦ Each gateway has exactly one Inspection Settings Profile assigned to it.
Which Policy Type Should I Install After Making a Change?
This table summarizes which policy must be reinstalled to the gateway to make changes effective, depending upon which of the four “classes” of Protections were modified and the gateway version:
| User | Count |
|---|---|
| 7 | |
| 6 | |
| 5 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 2 |
Thu 14 Nov 2024 @ 03:00 PM (CET)
AI Series Part 2: Navigating AI to Balance Cyber Risks and Benefits - EMEA SessionThu 14 Nov 2024 @ 11:00 AM (EST)
Tips and Tricks 2024 #20: When Every Second Counts: Cybersecurity Incident ResponseThu 14 Nov 2024 @ 02:00 PM (EST)
AI Series Part 2: Navigating AI to Balance Cyber Risks and Benefits - Americas SessionTue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSThu 14 Nov 2024 @ 03:00 PM (CET)
AI Series Part 2: Navigating AI to Balance Cyber Risks and Benefits - EMEA SessionThu 14 Nov 2024 @ 11:00 AM (EST)
Tips and Tricks 2024 #20: When Every Second Counts: Cybersecurity Incident ResponseThu 14 Nov 2024 @ 02:00 PM (EST)
AI Series Part 2: Navigating AI to Balance Cyber Risks and Benefits - Americas SessionWed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Tue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cybersecurity: What’s New in Check Point’s Quantum Firewall R82Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSThu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management Workshop
