This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
BeaconBits
Contributor
‎2019-05-18 12:15 PM

How packet flow works inside the IPS blade..?

Hello Everyone,

 

I am troubleshooting one of the issue that involve the IPS. 

But I'm unable to understand the IPS behaviour in terms of packet flow inside the IPS blade.

 

Can anyone share the IPS structure in Checkpoint firewall?

The administrative document does not explain well instead of configuration.

 

Regards,

B

0 Kudos
5 Replies
Danny
Champion Champion
Champion
‎2019-05-18 01:56 PM

  • SecureKnowledge sk95193: ATRG IPS
0 Kudos
Nick_Doropoulos
Advisor
‎2019-05-18 02:53 PM

Hi B,

I take it that you have already consulted the ATRG IPS document and that it has not provided you with the requested information.

Could you elaborate for us what is the exact problem you are facing please in case we can help?

Thanks.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-05-18 03:21 PM

As far as IPS and its related features, it goes more or less like this in R80.10+:

1) Geo Policy Enforcement

2) Inspection Settings enforcement as part of Access Policy

3) Core Activations & ThreatCloud Protections early in the Threat Prevention policy

Please provide what problem you are looking to solve and the gateway version, as IPS is implemented quite differently in R77.30 and earlier.

 

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
Lari_Luoma
Ambassador Ambassador
Ambassador
‎2019-05-18 07:09 PM
In response to Timothy_Hall

More technical, but still very simplified steps. Go ahead and read the IPS ATRG as recommended earlier.

  1. Passive Streaming (PSL)
    1. Re-ordering of packets
  2. Unified Streaming and ASPII
    1. US decides which parser will handle this traffic
    2. ASPII decides which protections to run for this traffic
  3. Protocol Parsers
    1. Parse protocols for RFC compliance etc. and recognize contexts.
    2. Inspection settings and core protections are executed here.
  4. CMI
    1.  Receives contexts from parsers.
    2. Executes relevant protections to traffic
    3. Returns result to parsers
0 Kudos
PhoneBoy
Admin
Admin
‎2019-05-19 08:34 PM

In addition to what everyone suggested, IPS is part of a much larger set of things going on.
See also the following
https://community.checkpoint.com/t5/General-Topics/Security-Gateway-Packet-Flow-and-Acceleration-wit...
https://community.checkpoint.com/t5/General-Topics/R80-x-Security-Gateway-Architecture-Logical-Packe...

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events