This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Serebryakov_Dmi
Explorer
‎2019-06-19 12:55 AM

Inspection Settings - Profile cloning feature required

Hi All,

 

I`m a little confused by the impossibility of cloning Inspection Profile in R80+ management (R80.20 and R80.30).

Manage & Settings -> Inspection Settings -> Profiles. Сan only make a new inspection profile.

 

The `New` Inspection Profile is created with default settings (the same as `Default Inspection` Profile) - almost everything parser settings is Inactive.


Is there any way to make a `New` Inspection Profile the same as the `Recommended Inspection` Profile?

A lot of movements and mouse clicks need to be done in order to bring the `New` Inspection Profile to a more or less normal (secure) state 🙂 since we use nearly all non-heavy load inspections.

4 Replies
PhoneBoy
Admin
Admin
‎2019-06-23 02:41 PM

Not aware of a way to clone an existing inspection profile, but can definitely see where it would be useful.
0 Kudos
Serebryakov_Dmi
Explorer
‎2019-06-24 08:38 AM
In response to PhoneBoy

here is support answer:

I have checked the sk you referred to and I can see that in R80.10 the option of cloning is eliminated completely: "In the next Jumbo Hotfix of R80.10 this option will be eliminated".
That is why this option is not present on R80.20 or R80.30.

If you would like the clone to be present, you may form an RFE to our local office.
Apparently right now there is no other way to create a new inspection profile with Recommended Inspection defaults.

 

0 Kudos
Lari_Luoma
Ambassador Ambassador
Ambassador
‎2019-06-24 12:59 PM
In response to Serebryakov_Dmi

Creating a new Inspection Settings profile uses the same settings as the default-profile. As there are not so many protections in the inspection settings I don't see a need to clone the existing profile. The other reason why I think it's better (and safer) to create a new profile than clone the existing one is that some of the settings can be quite dangerous and you really should understand your environment well before changing any of the settings.

This is why I really would recommend using the default-profile unless you know exactly what you want to change and why. You might have some non-RFC compliant DNS for example in your network and enabling that protection would cause your DNS to stop working.

This is my personal opinion based on what I've seen on the field. Feel free to disagree. 🙂

0 Kudos
Norbert_Bohusch
Advisor
‎2019-06-24 11:35 PM
In response to Lari_Luoma

But that's why one would like to start from a clone of "Recommended Settings", because then one can start from a well designed secure point and only fine tune in regards of their environment.

When starting from "Default Settings" this is more work to be done!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events