- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Harmony Mobile 4:
New Version, New Capabilities
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi,
It is my first time configuring checkpoint products and i am still having some issues with the IPS.
I have a R80.10 firewall module with IPS enabled ( and configured in a rather strict profile) and a vulnerable web server behind it.
When I attack the web server, the IPS properly detects URL-based attack ( for instance a SQLi where the injection is in URL parameters ) but it doesn't detect or block anything that is done in the "body" of the request, for instance in POST params.
As i am a beginner this could be induced by a stupid configuration mistake but i did not find any sk specific to that issue.
Thank you in advance for your time and help.
I can suggest the document Check Point R80.10 IPS Best Practices Guide for first time configuration. To check if there is a config issue, you can search the CVEs of the exploits tested.
Hi,
the CVE for SQL injection shows as "drop" for my IPS profile. It is more tricky for other exploits, like command injection over HTTP, where there is no CVE. It is, however, in prevention mode in my profile.
The you had better ask TAC about this...
A continuation of this thread, I see: R80.10 Security Gatway IPS detects SQLi but not command injection
I'll ask the experts internally
Yes, although i poorly identified the problem at first, i thought it was best to open two threads to clarify that there are actually two different issues.
Thank you for your help.
It is two different issues, correct, but along the same lines
The protection should cover all parts of the HTTP request, but it's possible something was missed.
I'm going to have R&D reach out to you privately to get the details of what you're doing so we can improve the protection.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY