Henrik_Noerr1
Advisor

Threat Prevention as shared layer

Hey,

We are using MDS with 10 domains and some 200 Virtual Systems spread out on some 40 VSX clusters. 

Many of the VSs use IPS and have their own Threat Prevention policy using the same profile. 

The TP policy is mostly identical across all firewalls. 
I am wondering if there are any benefits in converting all these policies to simply work as a shared TP layer. 

Will we gain any benefits from this on the MDS side, maybe even on the VSX clusters?

I am thinking update size and time would be better? 

/Henrik

 

 

0 Kudos
7 Replies
the_rock
Legend

I would also think so, for those reasons you mentioned as well; it makes sense. I have not worked with any customers who use MDS since the R77.xx days, so I can't really speak on that front, so let others chime in with their opinions 🙂

Andy

0 Kudos
Henrik_Noerr1
Advisor

Hmm, it doesn't seem to be an option.

 

[Attached screenshot: ips.PNG]

 
 

 

0 Kudos
the_rock
Legend

Hey @Henrik_Noerr1 

It has been by design since base R80 that the default Threat Prevention layer cannot be shared. I attached a screenshot of my lab example:

[Attached screenshot: Screenshot_1.png]

 Andy

0 Kudos
PhoneBoy
Admin

I don't see how having a shared TP layer would change anything in terms of update size and time.

0 Kudos
Henrik_Noerr1
Advisor

I must be misunderstanding something.

Each VS has its own directory, like /opt/CPsuite-R81.10/fw1/CTX/CTX00004/ips/

With its own dedicated directory, I am guessing that with identical TP policies, all these directories contain redundant information?

Each directory needs to be updated and pushed to each gateway. Why not have a shared layer so the IPS layer is maintained once?

Even sk176665 acknowledges the issue.

 

 

 

 

0 Kudos
the_rock
Legend

That's my logic as well @Henrik_Noerr1 

0 Kudos
PhoneBoy
Admin

A shared Threat Prevention layer won't change how the information is pushed to each VS.

0 Kudos
