Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thin
Contributor
Jump to solution

What is the difference between 2 IPS signature? (CVE-2020-1472)

Hello

I'm confused about CVE-2020-1472 signature. There is 2 IPS signature relate to this CVE. 

Capture.PNG

 

 

 

What signature should I enable? 

What is the difference between these signatures?

If I enable only the first signature(as in the image above), Will it be enough to prevent the vulnerability related to the CVE?

 

Thank You

0 Kudos
2 Solutions

Accepted Solutions
Avi_Bechor
Employee
Employee

Hi,
We have written 2 relevant protections for this critical CVE in order to provide extensive coverage against it.

The difference between the two protections is the potential performance impact. Thus, the second protection has higher potential performance impact, yet provides an additional layer of protection. If possible, with performance considerations in mind, we suggest to enable both of them.

Thanks,
Avi

View solution in original post

Timothy_Hall
Champion
Champion

As I mentioned in my IPS Immersion class, you should be a bit wary of any IPS signature with a Performance Impact of Critical, as that will typically force the relevant traffic into the CPASXL or even F2F paths.  IPS signatures with a Critical rating will never be automatically enabled by an IPS profile, and must be manually enabled by an administrator.  Try to limit the Protected Scope of profiles enforcing Critical IPS signatures; in particular watch out for high-speed LAN to LAN traffic getting sucked into them.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

2 Replies
Avi_Bechor
Employee
Employee

Hi,
We have written 2 relevant protections for this critical CVE in order to provide extensive coverage against it.

The difference between the two protections is the potential performance impact. Thus, the second protection has higher potential performance impact, yet provides an additional layer of protection. If possible, with performance considerations in mind, we suggest to enable both of them.

Thanks,
Avi

Timothy_Hall
Champion
Champion

As I mentioned in my IPS Immersion class, you should be a bit wary of any IPS signature with a Performance Impact of Critical, as that will typically force the relevant traffic into the CPASXL or even F2F paths.  IPS signatures with a Critical rating will never be automatically enabled by an IPS profile, and must be manually enabled by an administrator.  Try to limit the Protected Scope of profiles enforcing Critical IPS signatures; in particular watch out for high-speed LAN to LAN traffic getting sucked into them.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events