This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
FW-VPN-ITALY
Explorer
‎2021-02-06 10:22 AM

ips tuning

Hello, I received a request from a customer to perform IPS tuning on Checkpoint. Currently the customer has only one rule with the IPS profile active. In my opinion two rules should be created with two distinct ips profiles to divide the traffic according to the direction. One for inbound traffic and the other for outbound traffic . What do you think about my idea ? What do you recommend?

I've read the checkpoint best practices but they don't say much about how to proceed. Tips ?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2021-02-06 01:52 PM

No real benefit to doing that since the protections are largely directional already and you’re likely doing App Control/URL Filtering as well, which use the same engines as IPS.
It might help to know the starting point you’re at (what profile you’re using, what version/JHF you’re at).

You can see what signature is using the most CPU with this tool: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...,
However, I wouldn’t do that until do some more fundamental tuning of system performance, including possibly changing the snd/fwk mix.
But start with the Super Seven commands: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/td-p/4...

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2021-02-06 09:01 PM

What are your tuning objectives. Are you tuning for security, performance or a balance of both?

TailoredSafe (sk164812) and the IPS Analyzer Tool might be helpful:

IPS performance.jpg

Refer:

https://community.checkpoint.com/t5/Infinity-Threat-Prevention/IPS-Analyzer-Tool-How-to-analyze-IPS-...

CCSM R77/R80/ELITE
0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-02-07 06:12 AM

As Chris said TailoredSafe and the IPS Analyzer Tool will be very helpful here.  IPS optimization was also covered in my Max Power 2020 book (pages 352-369), but the tuning techniques documented there are a bit of a manual slog compared to these newer tools doing a lot of the heavy lifting for you.  There is also some coverage of this topic in my IPS Immersion Course including the so-called "null profile" trick; IPS is definitely one of those blades that can be a bit intimidating to work with at first due to the sheer number of IPS protections...

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events