Fabz
Contributor

Best Practice - Signature Update

Hi Checkmate,

Is there a best practice document for determining update interval for threat prevention database and appcontrol database?


Is the default time interval on the smart console in accordance with best practice?

I currently have the issue of high bandwidth towards *.checkpoint.com

 

Is there any impact if I change the default time interval to, let's say, every midnight? I got asked by the operational team why CP has a lot of queries to CP domains. Merci!


Accepted Solutions
_Val_
Admin

As part of Threat Prevention, your GWs are using live communications with Threat Cloud for Anti-Bot live data, URL filtering, Application control and AVI, if any. These live updates allow us to provide you with immediate protection from recently discovered attacks.

On top, there are other communications Check Point security systems, both MGMT and GWs, may need. Please look into sk83520 for more details.


PhoneBoy
Admin

It is expected behavior for gateways to reach out to various checkpoint.com addresses, particularly if you are using URL Filtering or any of the Threat Prevention features.
We document the specific locations here: https://support.checkpoint.com/results/sk/sk83520

Increasing/decreasing these signature update intervals is unlikely to change the number of requests the gateway generates, as the requests are in response to real-time traffic received by the gateway.

4 Replies
_Val_
Admin

IPS/AB updates should not consume much bandwidth, even if done every second hour.

Are you sure this is because of your management side updates and NOT the actual communication to Threat Cloud from your GWs?

Fabz
Contributor

Yes, we have some queries from our GWs. Is this due to communication with Threat Cloud? Why directly to GWs, not via management?

Also, I have a policy to block communication to several domains, manually in policy, but I think this is not related to the high bandwidth utilization.

