This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tony_Graham
Advisor
‎2022-12-07 12:16 PM

Switching to Autonomous Policy from Custom

All,

We have been running Custom Polices for IPS and Threat Prevention since it was first introduced. Now that Autonomous 'curated' policies are available, we would like to investigate that. What is the path to move from Custom Policies to Autonomous. When one is enabled is the other disabled or do existing policies need to be removed and then Autonomous enabled? Also are there any 'gotchas' where certain blades are required where we may not have licenses when using Autonomous policies.

Thanks.

4 Replies
PhoneBoy
Admin
Admin
‎2022-12-07 12:46 PM

I don't believe your existing configuration needs to be removed, Autonomous Threat Prevention simply needs to be enabled in the relevant gateway object(s).
Note that the "perimeter" setting in ATP is roughly equivalent to the Optimized policy.

In terms of licensing, ATP will use the licenses you have.

Tony_Graham
Advisor
‎2022-12-07 12:55 PM
In response to PhoneBoy

Excellent,

Thanks Dameon.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2022-12-07 03:05 PM

When ATP is enabled, all your Custom configurations (profiles, policies, etc.) will still be there and available if you switch ATP back off.  The biggest thing for enabling ATP is to make sure all your exceptions are GLOBAL and not attached to rules as the latter will suddenly stop working when ATP is enabled which can be a rude shock. 

Here are the pages from my IPS/AV/ABOT Immersion class covering this tip and some other gotchas, only update to this would be the new SK covering how to customize UserChecks while ATP is enabled: sk178764: How to use a custom UserCheck object for Threat Extraction in the Autonomous Threat Preven...

ATP1.jpgATP2.jpgATP3.jpg

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
Tony_Graham
Advisor
‎2022-12-08 01:48 PM
In response to Timothy_Hall

Thanks Tim.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events