Hi All,
At my customer's site, there is a problem when accessing the internal web: the traffic is slow and the page is not even displayed.
I have already checked the logs; there are no drops, only accepts, and ping latency to the web server is good.
When I searched for the issue, I noticed there is a suspicious log when the traffic is slow.
Here I attach that log; maybe someone has dealt with this issue?
Thanks Regards
Dio Aditya Pradana
I see in the Threat Prevention engine settings there are the same options like this.
Are these the same options?
Note: the blade name shown in the log is Anti-Bot; sorry, I think this option is the only one for Threat Prevention.
Thanks Regards
Dio Aditya Pradana
You almost got it :-). Here is what we are referring to, brother. I attached 3 screenshots for you.
Andy
Hi @the_rock, thanks for your explanation, I will first check that configuration.
This is the default, right? I mean these options; even in my lab these options are already the same as in your advice.
Thanks Regards
Dio Aditya Pradana
You are right, it is default, but as a test, I would change fail mode to allow, push policy and test.
Andy
Hi @the_rock
I have a question about the Check Point online web service: do you know any SK related to this service?
And I just want to make this clear: I think when traffic goes through the security gateway, this service will hold the traffic for categorization? I think the Check Point online web service works like this, CMIIW.
If the categorization fails, the traffic will not be able to go to the destination, right? And the result for the user is that the web server doesn't appear.
Thanks Regards
Dio Aditya Pradana
I think we're skipping over some fundamentals.
Before changing these settings can you please describe how your access & threat prevention policies are defined?
* Are URLF & AppC rules referencing a destination of internet (not any)?
* Are the web servers on the internal LAN or in the DMZ?
* What Threat Prevention exceptions do you have configured?
I totally agree, @Chris_Atkinson. @Adity12, if you could give us more details about what Chris mentioned, it would help.
Andy
@Chris_Atkinson as far as I know, the URLF & AppC rule is used on the internet gateway cluster, and the web server is internal; I am not sure about this, I will double check again.
Note: actually this case is already resolved, but the end user still wants to know the root cause of this issue, so I think maybe you have already seen this issue before. To resolve this issue they just deleted the default routing from ISP 2 (they have 2 ISPs).
I hope that makes sense.
Thanks Regards
Dio Aditya Pradana
Hi @Chris_Atkinson,
Sorry for the late response,
I will answer your questions one by one:
1. Are URLF & AppC rules referencing a destination of internet (not any)? Yes, AppC & URLF are referencing a destination of internet.
2. Are the web servers on the internal LAN or in the DMZ? Internal LAN
3. What Threat Prevention exceptions do you have configured? For now only an exception for IPS, to allow some traffic from Internet Banking.
I hope that makes sense; if not, let me know.
Thanks Regards
Dio Aditya Pradana
Correct, that's the default setting. What is your other question?
I agree with @Ruan_Kotze. Please check that setting and correct it if needed.
Andy