This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
shiboo_suren
Participant
‎2019-11-13 12:54 AM

IPS Protection filter

Hi,

 

I want to understand what is dynamic and static IPS Protection. Also if we applied optimize profile then do basic profile still work?

 

Thanks

3 Replies
Timothy_Hall
Legend Legend
Legend
‎2019-11-13 04:57 AM

I'm not familiar with the terms "static" and "dynamic" being used to describe IPS Protections/Signatures.  Perhaps you are referring to IPS ThreatCloud Protections which can be dynamically updated from the Check Point ThreatCloud, while IPS Core Protections and Inspection Settings (formerly part of IPS but now part of the Access Policy in R80.10+) are "static", ship with the product as-is, and cannot be updated from the ThreatCloud?

As far as your profile question, it depends on the version of the gateway.   R77.30 and earlier gateways could only have one IPS Profile applied to traffic that was configured on the gateway object itself as the Protected Scope.  R80.10+ gateways can have multiple IPS Profiles applied to different types of traffic via rules in the Threat Prevention policy.

 

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
shiboo_suren
Participant
‎2019-11-19 01:08 AM
In response to Timothy_Hall

 Management server R80 and gateway R77.30. Only optimize profile has been enabled but when i checked IPS log and click on go to IPS profile, i would take me to the basic profile. Not Optimize one.

 

Refer screen capture for static and dynamic protection.

 

static-dynamic protection.PNG 

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-11-19 08:08 AM
In response to shiboo_suren

Specifically what is the version of your SMS, just R80 and not R80.XX right?

OK I see now, "Static" in your display refers to IPS Core Protections and "Dynamic" refers to IPS ThreatCloud Protections.  Core Protections use a different profile ("Basic" in your case) than the ThreatCloud Protections.  As mentioned in my IPS Immersion class Core Protections are in a kind of no-man's land between Inspection Settings & ThreatCloud Protections and are treated differently, see this thread for more info:

https://community.checkpoint.com/t5/IPS-Anti-Virus-Anti-Bot-Anti/IPS-Core-protection-I-need-help-to-...

This question seems to come up a lot...

 

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events