Amir_Rehman
Contributor

SAM Rule Not working after upgrading from R80.20 to R80.30

Hey Checkmates,

Hope everyone is safe and healthy.

I have had an issue with the SAM rule since our gateway was upgraded to R80.30.

I have not seen any block entry in the SAM database since the upgrade was done, which was almost 3 months ago.

We used to have hundreds of entries when we were on R80.10 and R80.20.

Accepted Solutions
HeikoAnkenbrand
Champion

Hi @Amir_Rehman,

The SecureXL penalty box is a mechanism that performs an early drop of packets arriving from suspected sources. This mechanism is supported starting in R75.40VS.

Why not SAM policy rules?

The SAM policy rules consume some CPU resources on the Security Gateway. We recommend setting an expiration that gives you time to investigate but does not affect performance. The best practice is to keep only the SAM policy rules that you need. If you confirm that an activity is risky, edit the Security Policy, educate users, or otherwise handle the risk. Or, better, use the SecureXL penalty box from a performance point of view.

Read more in this article:

Performance Tuning Tip - DDoS "fw sam" vs. "fwaccel dos"

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
