BlueGrass
Contributor

Question in Threat Prevention profile details

Hi all,

I would like to confirm:

1. What are the exact behaviours if the Performance Impact is changed in different profiles?

2. What does the Severity here mean?

3. Does changing the Active Protections and Active Mode configuration impact both SandBlast and Threat Prevention at the same time?

4. If the action is set to "Detect", will this still lead to a performance impact, as the blade is still working but just not taking action?

 

99999.JPG

PhoneBoy
Admin

It means protections that have a performance impact of Very Low/Low/Medium/High/Critical or lower will be included.
Same with Severity.
For a description of the levels: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Detect may actually take more cycles than Prevent since the gateway is still processing the traffic long after it has detected the attack.
BlueGrass
Contributor

So, in my case, if a Critical level IPS threat is detected, a very low impact scan and action will be taken by the CP.

Am I right?
PhoneBoy
Admin

I kind of had this wrong.
The profile as you've shown in the screenshot will only have protections that have:

  • Critical Severity
  • Very Low performance impact
  • High Confidence (In Prevent Mode) or Medium Confidence (in Detect Mode)

Which probably won't be a ton of protections.
If you look at, say, the Strict profile, you'll see it's a little clearer what protections are included.

Screen Shot 2020-05-10 at 9.49.44 PM.png

 
