This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Amir_Rehman
Contributor
‎2020-05-13 06:53 AM
Jump to solution

SAM Rule Not working after upgrading from R80.20 to R80.30

Hey Checkmates,

Hope everyone is safe and healthy.

I have had an issue with Sam rule since our gateway was upgraded to R80.30 

I have not seen any block entry in the Sam database since the upgrade was done which was almost 3 months ago.

We used to have hundreds of entries when we were on R80.10 and R80.20 

Preview file
27 KB
1 Solution

Accepted Solutions
HeikoAnkenbrand
Champion Champion
Champion
‎2020-05-13 08:18 AM
Jump to solution

Hi @Amir_Rehman,

The SecureXL penalty box is a mechanism that performs an early drop of packets arriving from suspected sources. This mechanism is supported starting in R75.40VS.

Why not sam policy rules?

The SAM policy rules consume some CPU resources on Security Gateway. We recommend to set an expiration that gives you time to investigate, but does not affect performance. The best practice is to keep only the SAM policy rules that you need. If you confirm that an activity is risky, edit the Security Policy, educate users, or otherwise handle the risk. Or better use SecureXL penalty box from a performance point of view.

More read in this article:

Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“ 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

1 Reply
HeikoAnkenbrand
Champion Champion
Champion
‎2020-05-13 08:18 AM
Jump to solution

Hi @Amir_Rehman,

The SecureXL penalty box is a mechanism that performs an early drop of packets arriving from suspected sources. This mechanism is supported starting in R75.40VS.

Why not sam policy rules?

The SAM policy rules consume some CPU resources on Security Gateway. We recommend to set an expiration that gives you time to investigate, but does not affect performance. The best practice is to keep only the SAM policy rules that you need. If you confirm that an activity is risky, edit the Security Policy, educate users, or otherwise handle the risk. Or better use SecureXL penalty box from a performance point of view.

More read in this article:

Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“ 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events