This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ihenock101
Collaborator
‎2023-07-18 05:19 AM
Jump to solution

IPS Protection vs Check Point Advisories Archive

Hi All,

I am writing to inquire about a discrepancy I have encountered while reviewing the checkpoint advisories archive and the checkpoint IPS protection.

While examining the advisories archive (https://advisories.checkpoint.com/advisories/), I attempted to locate specific CVE's on my IPS Protection However, despite my checkpoint IPS indicating that it is up to date, I was unable to find these CVE's within the IPS protection.

I would greatly appreciate it if you could shed some light on this matter and provide an explanation as to why these CVE's are not appearing within the IPS protection. It is important for me to understand whether this is an expected behavior or if there might be any issues with my current setup.

Please let me know if there are any additional details or steps that I need to consider in order to resolve this discrepancy. Thank you for your attention to this matter, and I look forward to your prompt response.

Thanks,

0 Kudos
1 Solution

Accepted Solutions
ihenock101
Collaborator
‎2023-07-20 01:38 AM
Jump to solution

Hi guys, I updated the IPS offline and now it shows me all the CVE from the checkpoint advisories. and the version info also updated to the latest one. The below link is to download the offline update package.

 https://www.checkpoint.com/defense/updates/index.html

View solution in original post

0 Kudos
12 Replies
the_rock
Legend
Legend
‎2023-07-18 05:25 AM
Jump to solution

Can you please provide the CVEs you searched? I would like to check in my R81.20 lab.

Cheers,

Andy

0 Kudos
ihenock101
Collaborator
‎2023-07-18 06:34 AM
In response to the_rock
Jump to solution

I just search randomly from the checkpoint advisories but I couldn't get the latest ones.

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2023-07-18 06:05 AM
Jump to solution

As @the_rock asked, please give a couple of examples so I can send to the relevant R&D owners to examine.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-07-18 06:26 AM
Jump to solution

Please provide the IPS package version, Gateway/Management version & JHF level in addition to the list of CVEs that you are attempting to locate.

CCSM R77/R80/ELITE
0 Kudos
ihenock101
Collaborator
‎2023-07-18 06:53 AM
In response to Chris_Atkinson
Jump to solution

IPS Update Version: 635234643

Gateway/Management version: r80.40

JHF level: 192

regarding the CVE I just randomly search from the advisories and I couldn't find on the IPS Protection e.g CVE-2021-35218CVE-2021-44026

 

0 Kudos
the_rock
Legend
Legend
‎2023-07-18 07:02 AM
In response to ihenock101
Jump to solution

Just checked R81.20 mgmt and found both of them

Andy

the_rock
Legend
Legend
‎2023-07-18 07:22 AM
In response to ihenock101
Jump to solution

To add to my last response, I would strongly urge you to upgrade to at least R81.10. So many fixes in it and even R81.20, Im super impressed with it now. Management, I would recommend to anyone, even gateways, but maybe better to wait until CP says R81.20 is officially recommended.

Either way, when it comes to IPS and app control, R81.10 is wayyy better than R80.40, just saying.

Andy

0 Kudos
ihenock101
Collaborator
‎2023-07-20 01:38 AM
Jump to solution

Hi guys, I updated the IPS offline and now it shows me all the CVE from the checkpoint advisories. and the version info also updated to the latest one. The below link is to download the offline update package.

 https://www.checkpoint.com/defense/updates/index.html

0 Kudos
the_rock
Legend
Legend
‎2023-07-20 02:44 AM
In response to ihenock101
Jump to solution

Thanks for the update. Most people have scheduled IPS updates enabled...if you dont, you definitely should set that up, its only few clicks.

Andy

0 Kudos
ihenock101
Collaborator
‎2023-07-20 05:03 AM
In response to the_rock
Jump to solution

I also make automatic update however the smart console shows me it is up to date while the threat prevention protection shows me there is missing update it confuses me. that's why I use offline update.

0 Kudos
the_rock
Legend
Legend
‎2023-07-22 07:56 AM
In response to ihenock101
Jump to solution

Ah, ok, that makes sense.

Andy

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2023-07-20 06:59 AM
Jump to solution

If you are trying to search for CVE numbers directly on the IPS Protections screen of SmartConsole, be aware that at one point CVE numbers were not a searchable item and would not show up.  This was resolved in the latest versions of the SmartConsole software in most releases so make sure you are running the latest one, especially since the R81 and earlier versions of SmartConsole do not notify you that SmartConsole software updates are available.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top