Ankur_Datta1
Participant

Need to know how IPS works in checkpoint

Hi All,

I am facing a problem deploying IPS on Check Point R77.30. I enabled the IPS blade. I was looking to see if there is any specific policy we need to create for IPS as well, but found there are only profiles. At the moment my gateway is set to the default protection profile (behavior: Prevent). From an internal host, I tried to download a malware file; however, my browser declined the file, saying this file has malicious content, but I am not able to find logs in smart view tracker or smart view event. Can anyone guide me on how I can deploy IPS and test it?

Thanks

0 Kudos
2 Replies
PhoneBoy
Admin

Note that malware (depending on what it is) may not necessarily be caught by IPS, but rather Anti-Virus or Threat Emulation/Extraction.

Also, if the traffic is encrypted, you'll also need HTTPS Inspection to see the traffic.

For IPS specifically, I would start here: Best Practices - IPS 

Generally you should be using the Recommended (versus the Default) profile in R77.30.

In R80.10, the Optimized profile is appropriate for most customers.

Tomer_Sole
Mentor

The guide for you is this: https://community.checkpoint.com/message/13840-r8010-ips-best-practices-guide

"I am not able to find logs in smart view tracker or smart view event": please try to search "blade:IPS" on the logs & monitoring logs to find the relevant log item.

0 Kudos
