This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Fabz
Contributor
‎2023-06-05 02:36 AM
Jump to solution

Best Practice - Signature Update

Hi Checkmate,

Is there a best practice document for determining update interval for threat prevention database and appcontrol database?

exampleexample

Is the default time interval on the smart console in accordance with best practice?

I currently have the issue of high bandwidth towards *.checkpoint.com

 

Any impact if i change the deafult time interval to let say every midnight? since i got asked from operational team why CP has a lot query to CP domains. Merci!

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin
‎2023-06-05 05:19 AM
In response to Fabz
Jump to solution

As part of Threat Prevention, your GWs are using live communications with Threat Cloud for Anti-Bot live data, URL filtering, Applicaiton control and AVI, if any. These live updates allow us to provide you with immediate protection from recently discovered attacks.

On top, there are other communications Check Point security systems, both MGMT and GWs, may need. Please look into sk83520 for more details.


View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-05 09:45 AM
Jump to solution

It is expected behavior for gateways to reach out to various checkpoint.com addresses, particularly if you are using URL Filtering or any of the Threat Prevention features.
We document the specific locations here: https://support.checkpoint.com/results/sk/sk83520

Increasing/decreasing these signature update intervals are unlikely to change the number of requests the gateway generates, as the requests are in response to real-time traffic received by the gateway.

View solution in original post

0 Kudos
4 Replies
_Val_
Admin
Admin
‎2023-06-05 03:05 AM
Jump to solution

IPS/AB updates should not consume much bandwidth, even if done every second hour.

Are you sure this is because of your management side updates and NOT the actual communication to Threat Cloud from your GWs?

0 Kudos
Fabz
Contributor
‎2023-06-05 03:55 AM
In response to _Val_
Jump to solution

yes we have some query from our GWs, is this due to communication with Threat Cloud? why directly to GWs not via management?

and also i have policy to block communication to several domain, manually in policy. but i think this is not related with high bandwidth utilization.

0 Kudos
_Val_
Admin
Admin
‎2023-06-05 05:19 AM
In response to Fabz
Jump to solution

As part of Threat Prevention, your GWs are using live communications with Threat Cloud for Anti-Bot live data, URL filtering, Applicaiton control and AVI, if any. These live updates allow us to provide you with immediate protection from recently discovered attacks.

On top, there are other communications Check Point security systems, both MGMT and GWs, may need. Please look into sk83520 for more details.


0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-05 09:45 AM
Jump to solution

It is expected behavior for gateways to reach out to various checkpoint.com addresses, particularly if you are using URL Filtering or any of the Threat Prevention features.
We document the specific locations here: https://support.checkpoint.com/results/sk/sk83520

Increasing/decreasing these signature update intervals are unlikely to change the number of requests the gateway generates, as the requests are in response to real-time traffic received by the gateway.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events