Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ihenock1011
Advisor

Threat Prevention Policy Optimization

Hi All,

I have a Check Point Security Gateway R81.10 with Threat Prevention enabled, and the Threat Prevention policy is currently in detect mode. After a learning stage of 15 days, I intend to change the policy to prevent mode. Additionally, I need guidance on how to optimize the threat prevention settings according to best practices.

Thanks

0 Kudos
5 Replies
Lesley
Leader Leader
Leader

What blades are you planning to enable in Threat Prevention?

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend

Personally, what I always say to people is to simply set the policy to optimize profile, as that is the CP recommended one anyway. If any issues down the road, you can always create exceptions in the policy.

Best,

Andy

0 Kudos
PhoneBoy
Admin
Admin

Most of the optimization comes around eliminating false positives and/or performance related concerns, which are environment dependent.
However, starting with the Optimized TP policy is generally a safe bet.

0 Kudos
Timothy_Hall
Legend Legend
Legend

Yes Optimized is always a good profile to start with.  Another strong recommendation is to create Global Exceptions as opposed to rule-based exceptions to facilitate the transition to Autonomous Threat Prevention should you want to go there in the future.  When exceptions are created directly from the log card of a Threat Prevention log they are always created as rule-based exceptions.  Found out the hard way that if you enable Autonomous Threat Prevention (ATP), rule-based exceptions suddenly stop working and only Global Exceptions apply.  Really should be some kind of warning about this when enabling ATP if rule-based exceptions are present.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
(1)
the_rock
Legend
Legend

Excellent explanation, as always.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events