This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dr_Steve_Brule
Participant
‎2022-02-09 05:13 AM
Jump to solution

Critical performance IPS protections

I'm getting ready to enable a few critical performance IPS protections to satisfy some requirements from a vulnerability scan by our SOC.  I only need to enable these protections for only a couple of servers, so I was going to clone my existing Optimized profile that I'm currently using for all traffic and enable these necessary critical performance IPS protections on this new profile.  I will apply this new cloned profile to those servers as the protected scope and place it above my existing rule.

My question is regarding the performance impact - By enabling these critical performance protections, does the pattern matcher for these critical signatures apply to ALL traffic entering the gateway, and then only the IPSs protection are *enforced* per the new cloned profile I created?

or

Is only the traffic to/from those servers having the pattern matching applied, therefore, the scope of my potential performance impact is significantly reduced.  

Hope this makes sense...

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2022-02-09 08:09 AM
Jump to solution

As long as you put the TP rule enabling the Critical protections in the same TP layer and above the original rule with the lower-impact protections (not in a separate second TP layer), and keep the Protected Scope as specific as possible on that first rule it will be the latter. 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm

View solution in original post

1 Reply
Timothy_Hall
Legend Legend
Legend
‎2022-02-09 08:09 AM
Jump to solution

As long as you put the TP rule enabling the Critical protections in the same TP layer and above the original rule with the lower-impact protections (not in a separate second TP layer), and keep the Protected Scope as specific as possible on that first rule it will be the latter. 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events