Dario1
Participant

IPS Global Policy protections are assigned to local GW cluster but the local protections don’t sync

First of all, all the best in the New 2021.

Background info: We are running R80.40 MDS with 10 CMAs, and the physical gateway clusters are running R80.20. Our CP hardware is sized to comfortably run the IPS blade. The plan was to create a Threat Prevention global policy IPS global profile, update the IPS protections, then assign this global policy to 10 CMAs, each containing a number of firewall clusters. The new protections downloaded via the global profile are set to “Staging Mode – Detect”. I do remember Check Point no longer recommends the use of staging mode, but we used it just to test that the new global policy protections flagged up in staging mode are being replicated to the local gateway TP policy, and they are not. In our environment, being able to download and manage IPS protections via the global policy for each CMA, so that any global TP changes get pushed down to the local policy, would be a huge benefit in terms of time management compared to having to manage each IPS policy for every FW cluster individually. Unfortunately this does not work, and the global policy does not sync the protections despite successful global policy assignment with the CMA. Any ideas? I appreciate your help.

I would be grateful for any specific instructions on how to configure the global policy TP protections so that these are then propagated to the local gateway clusters as per global policy. Hopefully this makes sense.

Config:

Global Policy IPS Profile is set to: Active – According to profile. Set activation as staging mode - Detect

Global TP policy is assigned to the local CMA and the gateway successfully and shows in the local TP

Local GW Cluster Policy IPS protections - set to: USE IPS management updates

Gateway Cluster – is set to “Detect Only”

Issue:

Changing staging protections in global policy does not update the local TP policy accordingly. Any ideas?

0 Kudos
3 Replies
Nandhakumar
Contributor

I also have a similar issue. But here, whatever changes I make in the global IPS profile get reflected in some of the local policies but not in others.

Can anyone advise what could be the cause or options we need to look for? 

@PhoneBoy @Timothy_Hall Can you shed some light on this?

0 Kudos
Nandhakumar
Contributor

Can we have an update on this please, if you have any, or am I left with opening a TAC case?

0 Kudos
PhoneBoy
Admin

I may be wrong--and you might want to check with the TAC to confirm--but I don't believe you can configure a "global" policy for Threat Prevention.

0 Kudos
