Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
shiboo_suren
Participant

IPS Protection filter

Hi,

 

I want to understand what is dynamic and static IPS Protection. Also if we applied optimize profile then do basic profile still work?

 

Thanks

3 Replies
Timothy_Hall
Legend Legend
Legend

I'm not familiar with the terms "static" and "dynamic" being used to describe IPS Protections/Signatures.  Perhaps you are referring to IPS ThreatCloud Protections which can be dynamically updated from the Check Point ThreatCloud, while IPS Core Protections and Inspection Settings (formerly part of IPS but now part of the Access Policy in R80.10+) are "static", ship with the product as-is, and cannot be updated from the ThreatCloud?

As far as your profile question, it depends on the version of the gateway.   R77.30 and earlier gateways could only have one IPS Profile applied to traffic that was configured on the gateway object itself as the Protected Scope.  R80.10+ gateways can have multiple IPS Profiles applied to different types of traffic via rules in the Threat Prevention policy.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
shiboo_suren
Participant

 Management server R80 and gateway R77.30. Only optimize profile has been enabled but when i checked IPS log and click on go to IPS profile, i would take me to the basic profile. Not Optimize one.

 

Refer screen capture for static and dynamic protection.

 

static-dynamic protection.PNG 

0 Kudos
Timothy_Hall
Legend Legend
Legend

Specifically what is the version of your SMS, just R80 and not R80.XX right?

OK I see now, "Static" in your display refers to IPS Core Protections and "Dynamic" refers to IPS ThreatCloud Protections.  Core Protections use a different profile ("Basic" in your case) than the ThreatCloud Protections.  As mentioned in my IPS Immersion class Core Protections are in a kind of no-man's land between Inspection Settings & ThreatCloud Protections and are treated differently, see this thread for more info:

https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-Core-protection-I-need-help-to-...

This question seems to come up a lot...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events