Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Albin_Petersson
Contributor

Inspection settings block while being inactive, bug?

Helloes.

 

We had an inspection setting, TCP invalid retransmission, that we had to make an execption for, even though it is set to inactive. How can it block traffic if it's inactive in the profile, is this just a bug?

On R80.30.

0 Kudos
4 Replies
G_W_Albrecht
Legend Legend
Legend

Albin_Petersson
Contributor

hmm, well it clears it up a bit I suppose. But I'm not that convinced it's well-known. 🤔
It should say in the manual that these doesn't support the inactive option.

Inspection settings in general seem to be quite poorly handled by checkpoint, I would say.

 

We should probably go through the profile we have active and activate the protections that you can't inactivate.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would stay with the information that can be found in Threat Prevention Administration Guide R80.30. At least, inactive protections do not put more load on the GW - after a certain span of using Detect for fine-tuning, all should be set either to Protect or Inactive.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Albin_Petersson
Contributor

...well, there's no info at all in the Threat prevention guide about these since they're not a part of IPS. There's a little bit in the security management guide, but it's just the basics. On, off, exceptions.

They don't have staging, detect or prevent. They just have accept or drop, but the default setting is inactive which doesn't work.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events