Ihenock1011
Advisor

Optimizing Threat Prevention best practice on Inspection Setting

Hi All,

We have a Check Point R81.10 Security Gateway, and we aim to fine-tune our Threat Prevention to ensure optimal configuration and adhere to best practices. We seek guidance on which features to activate in the inspection settings, located under Manage & Settings > Blades > Inspection Settings.

Thanks,

AkosBakos
Advisor

Hi @Ihenock1011 

There are two ways, I think:

1: https://support.checkpoint.com/results/sk/sk95193

2: https://community.checkpoint.com/t5/Security-Gateways/Announcement-Max-Power-2020-Check-Point-Firewa...

@Timothy_Hall's book is really worth the money. This book helped me a lot!

Akos

----------------
\m/_(>_<)_\m/
the_rock
Legend

Absolutely, book is fantastic!

Andy

Chris_Atkinson
Employee

Optimize for performance or protection, or a balance?

The Threat Prevention guide has sections on "Optimizing IPS" e.g. https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...

For some environments adopting Autonomous Threat Prevention might be a good approach.

HCP also has specific Threat Prevention tests that you can enable.

CCSM R77/R80/ELITE
the_rock
Legend

Hey bro,

Nice to see you here again! Btw, I would make sure you have this configured as per the screenshot below. Having recommended protection for the inspection setting is better for DDoS protection, BUT it could cause other issues, so maybe better don't change it.

Andy

 

Screenshot_1.png

Lesley
Leader

Would the Compliance blade maybe give some guidance on the IPS part? At least it gave me some tips and advice.

-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend

Excellent point @Lesley 

@Ihenock1011 I ran one in my lab and attached the file. There is a BUNCH of IPS stuff there, see if any of those help.

Andy

Edit. Does not let me attach the file, but I copied some portions.

 

<best_practice display_id="IPS103" display_name="This checks that the Profile's IPS Policy activates all newly updated protections" description="This checks that IPS Protections have been activated on each profile in accordance with the IPS policy" recommendation="For each IPS profile's newly activated protections, select Active according to profile settings." blade="IPS" result="Secure" rate="100" active="TRUE" due_date="">
<RelevantObjects>
<relevant_object id="IPS103_1" type="default" relevant_object="Optimized-lab" result="Secure" active="TRUE"/>
 
 
<best_practice display_id="IPS111" display_name="Check that IPS protections per Gateway activated according to the IPS policy" description="This test checks all IPS gateways that their protections have been activated according to the policy." recommendation="The IPS Protections should be activated according to the policy." blade="IPS" result="Secure" rate="100" active="TRUE" due_date="">
<RelevantObjects>
the_rock
Legend

@Ihenock1011 Attached Notepad++ file, just copied everything from the browser XML file to it, hope it has some helpful info.

Andy
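
Added example, not part of any post in this thread and not Check Point code: one way to triage a Compliance blade XML export like the excerpt posted above, listing the IPS best practices whose result is not "Secure" together with the objects that failed. The attribute names come from the excerpt; the `best_practices` root element, the closing tags, the EXAMPLE-* entries, the gateway names and the "Poor" result value are assumptions constructed for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Attribute names follow the excerpt posted above; the root
# element, closing tags, EXAMPLE-* entries and the "Poor" value are assumptions.
SAMPLE = """<best_practices>
<best_practice display_id="IPS103" display_name="constructed" recommendation="constructed" blade="IPS" result="Secure" rate="100" active="TRUE" due_date="">
<RelevantObjects>
<relevant_object id="IPS103_1" type="default" relevant_object="Optimized-lab" result="Secure" active="TRUE"/>
</RelevantObjects>
</best_practice>
<best_practice display_id="EXAMPLE-1" display_name="constructed" recommendation="constructed fix A" blade="IPS" result="Poor" rate="40" active="TRUE" due_date="">
<RelevantObjects>
<relevant_object id="EXAMPLE-1_1" type="default" relevant_object="gw-a" result="Secure" active="TRUE"/>
<relevant_object id="EXAMPLE-1_2" type="default" relevant_object="gw-b" result="Poor" active="TRUE"/>
</RelevantObjects>
</best_practice>
<best_practice display_id="EXAMPLE-2" display_name="constructed" recommendation="constructed fix B" blade="Firewall" result="Poor" rate="10" active="TRUE" due_date=""/>
<best_practice display_id="EXAMPLE-3" display_name="constructed" recommendation="constructed fix C" blade="IPS" result="Poor" rate="" active="TRUE" due_date=""/>
</best_practices>"""


def findings(xml_text, blade="IPS"):
    """Return best practices for `blade` whose result is not "Secure", lowest rate first."""
    out = []
    for bp in ET.fromstring(xml_text).iter("best_practice"):
        if bp.get("blade") != blade or bp.get("result") == "Secure":
            continue
        rate = bp.get("rate", "")
        out.append({
            "id": bp.get("display_id"),
            # A missing or non-numeric rate sorts first so it is not overlooked.
            "rate": int(rate) if rate.isdigit() else -1,
            "fix": bp.get("recommendation"),
            # Only the objects that themselves failed the check.
            "objects": [o.get("relevant_object") for o in bp.iter("relevant_object")
                        if o.get("result") != "Secure"],
        })
    return sorted(out, key=lambda f: f["rate"])


if __name__ == "__main__":
    for f in findings(SAMPLE):
        print(f["id"], f["rate"], f["objects"], f["fix"])
```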
