This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ihenock1011
Advisor
5 hours ago

Optimizing Threat Prevention best practice on Inspection Setting

Hi All,

We have a Check Point R81.10 Security Gateway, and we aim to fine-tune our Threat Prevention to ensure optimal configuration and adhere to best practices. We seek guidance on which features to activate in the inspection settings, located under Manage & Settings > Blades > Inspection Settings.

Thanks,

0 Kudos
7 Replies
AkosBakos
Advisor
Advisor
5 hours ago

Hi @Ihenock1011 

There are two way's, I think:

1: https://support.checkpoint.com/results/sk/sk95193

2: https://community.checkpoint.com/t5/Security-Gateways/Announcement-Max-Power-2020-Check-Point-Firewa...

@Timothy_Hall's book is really worth the money. This book helped me a lot!

Akos

----------------
\m/_(>_<)_\m/
the_rock
Legend
Legend
4 hours ago
In response to AkosBakos

Absolutely, book is fantastic!

Andy

Chris_Atkinson
Employee Employee
Employee
4 hours ago

Optimize for performance or protection a balance?

The Threat Prevention guide has sections on "Optimizing IPS" e.g. https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...

For some environments adopting Autonomous Threat Prevention might be a good approach.

HCP also has specific Threat Prevention tests that you can enable.

CCSM R77/R80/ELITE
the_rock
Legend
Legend
4 hours ago

Hey bro,

Nice to see you here again! Btw, I would make sure you have this configured as per below screenshot. Having recommended protection for inspection setting is better for ddos protection, BUT, it could cause other issues, so maybe better dont change it.

Andy

 

Screenshot_1.png

Lesley
Leader Leader
Leader
2 hours ago

Would compliance blade maybe give some guidance in the ips part? Atleast it gave me some tips and advise

-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend
Legend
2 hours ago
In response to Lesley

Excellent point @Lesley 

@Ihenock1011 I ran one in my lab and attached the file. There is  BUNCH of ips stuff there, see if any of those help.

Andy

Edit. Does not let me attach the file, but I copied some portions.

 

<best_practice display_id="IPS103" display_name="This checks that the Profile's IPS Policy activates all newly updated protections" description="This checks that IPS Protections have been activated on each profile in accordance with the IPS policy" recommendation="For each IPS profile's newly activated protections, select Active according to profile settings." blade="IPS" result="Secure" rate="100" active="TRUE" due_date="">
<RelevantObjects>
<relevant_object id="IPS103_1" type="default" relevant_object="Optimized-lab" result="Secure" active="TRUE"/>
 
 
<best_practice display_id="IPS111" display_name="Check that IPS protections per Gateway activated according to the IPS policy" description="This test checks all IPS gateways that their protections have been activated according to the policy." recommendation="The IPS Protections should be activated according to the policy." blade="IPS" result="Secure" rate="100" active="TRUE" due_date="">
<RelevantObjects>
0 Kudos
the_rock
Legend
Legend
2 hours ago
In response to the_rock

@Ihenock1011 Attached notepad++ file, just copied everything from browser xml file to it, hope it has some helpful info.

Andy

Preview file
1544 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events