Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
bign
Explorer
Jump to solution

Allow my vulnerability scanner through gateway

Hi mates,

I've had a lot of trouble allowing a vulnerability scanner to scan my environment. Even after I allow the scanner in through firewall access control, IPS exception, General Inspection settings exception, and Application Control policy, I still some of the scanner's activity blocked. (Running R80.20 on all gateways)

Does anyone have a good way to allow, even temporarily, a scanner to have its way with an asset on the other side of the gateway?

Thanks very much everyone,

 

Aaron

0 Kudos
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion

Solution:

- create IPS, ... exception
- create "Fast Acceleration Rule"

The Fast Acceleration (picture 2 green) feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 Take 103/ R80.30 Take 107 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption.

Fast_Accel_Rule.PNG

More read here:
R80.x - Performance Tuning Tip - Control SecureXL / CoreXL Paths

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

1 Reply
HeikoAnkenbrand
Champion Champion
Champion

Solution:

- create IPS, ... exception
- create "Fast Acceleration Rule"

The Fast Acceleration (picture 2 green) feature lets you define trusted connections to allow bypassing deep packet inspection on R80.20 Take 103/ R80.30 Take 107 and above gateways. This feature significantly improves throughput for these trusted high volume connections and reduces CPU consumption.

Fast_Accel_Rule.PNG

More read here:
R80.x - Performance Tuning Tip - Control SecureXL / CoreXL Paths

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events