Participant

Disable Automatic Policy Pushing

Good Afternoon -

Can someone please shed some light on how we can stop our 3150 Mgmt station from automatically pushing policy to our configured SMB gateways?

We have each gateway object configured to fetch policy manually, but our management station attempts to push every day at 1200 EST even though we do not have anything explicitly scheduled on the Mgmt station or the gateways.

I have a feeling this is going to be something simple that has been overlooked!

Thanks!!

3 Replies
Leader

Hello,

Are you sure about the automatic push of policy?

That's an upcoming feature in a future release.

If you have SMB gateways and configure these with SmartProvisioning, they do a fetch of the policy every 20 min.

That's the only automatic policy install I'm aware of. Maybe some scheduled job via API does this.

Wait, one more idea... Maybe you do an update of your IPS pattern every day at 1200 EST and do a policy install if the update is successful. This is configured in the Threat Prevention policy, in the Updates part.

Wolfgang

Participant

This is a good suggestion!  

Smart Provisioning was not used for these gateways.

We DO have:

'Enable IPS scheduled updates on the Security Management Server and Security Gateway'

'On Successful IPS update on the Security Management Server, install policy on the Security Gateway'

And I think that you are on the mark!

These lines appear to be the culprit:

'Access Control policy installation will be performed for Pre R80 gateways'

'Threat Prevention policy installation will be performed for R80 and above gateways'

All of our SMBs are on R77.20.87 - hence, the access control policy gets pushed. We really only want the Threat Prevention to push automatically, but it looks like we are stuck with it for now.

Thank you!!!

Leader

Yes, with the SMBs running this release you can't differentiate between Access Control and Threat Prevention policy. You have to wait for R80.xx for SMB appliances. At the moment it's only available for 1500 appliances.
Check Point R80.20 for 1500 Appliances Features and Known Limitations 

Wolfgang
