This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
MRossi92
Participant
‎2019-10-08 08:45 AM

IPS - Basics Protections

Hello

I want to know if there are some specific information about basic IPS Signatures.

We have an external IPS (Main) but we need to enable some signatures in CheckPoint Firewall to protect if any signature escaped from the main IPS.

Thanks.

Regards.

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2019-10-08 03:30 PM

Not clear on what your question is.
0 Kudos
FedericoMeiners
Advisor
‎2019-10-08 07:49 PM

We have like 9000 signatures (or more maybe). I highly suggest you to check which protections are enabled the IPS default profile.

You can also use filters or categories to see specific signatures (ie: linux, wordpress, etc)

Hope it helps

_____

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos
MRossi92
Participant
‎2019-10-17 06:34 AM
In response to FedericoMeiners

Thank you Federico.

And from the Inspection Settings from "Shared Policies". I would like to protect my infraestructure from attacks like SYN FLOOD.

How its works de Inspection Settings signatures? 

Thank you

 

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-10-17 06:58 AM

First off, I'm assuming that you are using R80.10 or later on your gateway.  In R80.10+ there are essentially four separate types of signatures/protections that were formerly all part of IPS in R77.30 and earlier:

  1. IPS ThreatCloud Protections (part of Threat Prevention)
  2. Core Protections (part of Access Control...sort of)
  3. Inspection Settings (part of Access Control)
  4. Geo Policy (part of Access Control)

If you still have R77.30 or earlier gateways management of IPS is much more complicated.  I'm happy to answer specific questions about IPS that were covered in my IPS Immersion course, but I'd suggest reading the relevant Check Point IPS documentation first as this is a rather large topic.

 

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2
0 Kudos
MRossi92
Participant
‎2019-10-17 07:15 AM
In response to Timothy_Hall

My version of gateway is R80.20SP and the managment also.

We have a 64000 appliance. My specific question is for Inspection Settings (part of Access Control).

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top