Create a Post
Showing results for 
Search instead for 
Did you mean: 

ips tuning

Hello, I received a request from a customer to perform IPS tuning on Checkpoint. Currently the customer has only one rule with the IPS profile active. In my opinion two rules should be created with two distinct ips profiles to divide the traffic according to the direction. One for inbound traffic and the other for outbound traffic . What do you think about my idea ? What do you recommend?

I've read the checkpoint best practices but they don't say much about how to proceed. Tips ?

0 Kudos
3 Replies

No real benefit to doing that since the protections are largely directional already and you’re likely doing App Control/URL Filtering as well, which use the same engines as IPS.
It might help to know the starting point you’re at (what profile you’re using, what version/JHF you’re at).

You can see what signature is using the most CPU with this tool:,
However, I wouldn’t do that until do some more fundamental tuning of system performance, including possibly changing the snd/fwk mix.
But start with the Super Seven commands:

0 Kudos
Employee Employee

What are your tuning objectives. Are you tuning for security, performance or a balance of both?

TailoredSafe (sk164812) and the IPS Analyzer Tool might be helpful:

IPS performance.jpg


0 Kudos
Legend Legend

As Chris said TailoredSafe and the IPS Analyzer Tool will be very helpful here.  IPS optimization was also covered in my Max Power 2020 book (pages 352-369), but the tuning techniques documented there are a bit of a manual slog compared to these newer tools doing a lot of the heavy lifting for you.  There is also some coverage of this topic in my IPS Immersion Course including the so-called "null profile" trick; IPS is definitely one of those blades that can be a bit intimidating to work with at first due to the sheer number of IPS protections...

Gateway Performance Optimization R81.20 Course
now available at
0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events