This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oliver_Matt
Contributor
Thursday

Autonomous Threat Prevention and Core Protections / Inspection Settings

Hi all,

we've switched to the autonomous threat prevention (R81.20) and I was wondering if the "old" IPS settings still apply in any way?

Profiles created / copied from the default Profiles (No-Prevention, Basic, Optimized, Recommended_Protection and Strict) under "Custom Policy" should be completely out of business - right?

Inspection Settings (Shared Policies) are still active and "Recommend Inspection" has to be used as best-practise

But what is with the Core Protections?

The only show up when I switch to the "Custom Policy" section. Since they have been activated in the older days without having IPS enabled I wonder if they are still in use after the switch to autonomous threat prevention?

Kind regards

Oliver

0 Kudos
2 Replies
Tal_Paz-Fridman
Employee
Employee
Thursday

Core Protections - although shown under IPS are part of Access Control Policy and not Threat Prevention Policy.

This means they still apply:

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_ThreatPrevention_AdminGuide/Conten...

See section for Protection Types:

  • Core protections - These protections are included in the product and are assigned per gateway. They are part of the Access Control policy

In SmartConsole select Profiles (under Custom Policy Tools) > in the bottom pane press on link to Core Protections

 

Core Protections.png

0 Kudos
Oliver_Matt
Contributor
Thursday
In response to Tal_Paz-Fridman

Ok - understood. But just to make sure: This is only for the Core Activations specified in the profile. The other profile settings (marked pink) have no impact on the autonomous threat profil?

So it would be possible to create a profile under custom profiles with everything deactivated and only specify the needed settings for the Core Activations?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top