This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Geomix7
Collaborator
‎2019-05-28 02:25 AM

Which R80.20 IPS default profile is equal to IPS R77.30 "Recommended" profile?

From R80.20 IPS default  profiles (Basic,Optimized & strict) which is equal to IPS R77.30 "Recommended" profile?

0 Kudos
3 Replies
Timothy_Hall
Legend Legend
Legend
‎2019-05-28 05:52 AM

The closest equivalent to the R77.30 "Recommended_Protection" IPS profile in R80+ is the "Strict" profile with some slight differences.  Here is a handy summary taken from my IPS Immersion class for version R80.10, note that for fresh installations of R80.20+ the default IPS Updates Policy is to automatically set new Protections to Prevent:

 

Click to Expand

An IPS Profile contains a policy which specifies whether all the ThreatCloud and Core Activations within it will be set to
Inactive, Prevent, or Detect. For each IPS Profile, the default IPS Policy for Protections to enable is as follows:

Basic – IPS Updates Policy: Set new Protections to Detect/Staging
Performance Impact: Medium or Lower
Severity: High or above
Confidence: High – Prevent, Medium – Inactive, Low – Inactive

Optimized – IPS Updates Policy: Set new Protections to Detect/Staging
Performance Impact: Medium or Lower
Severity: Medium or above
Confidence: High – Prevent, Medium – Prevent, Low – Inactive

Strict – IPS Updates Policy: Set new Protections to Detect/Staging
Performance Impact: High or Lower
Severity: Low or above
Confidence: High – Prevent, Medium – Prevent, Low – Detect

Default_Protection (R77.30 upgrades only) – IPS Updates Policy: Set new Protections to Prevent
Performance Impact: Very Low only
Severity: Medium or above
Confidence: High – Prevent, Medium – Prevent, Low – Inactive

Recommended_Protection (R77.30 upgrades only) – IPS Updates Policy: Set new Protections to Detect/Staging
Performance Impact: High or lower
Severity: Medium or above
Confidence: High – Prevent, Medium – Prevent, Low – Inactive

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Geomix7
Collaborator
‎2019-05-28 06:37 AM
In response to Timothy_Hall

Based on Check Point R80.10 IPS best practice :"Check Point recommends using the out of the box Optimized profile which provides the balance
between excellent protection for common network products and protocols against recent or
popular attacks and performance impact." Thus i understand optimized is equal to recommended?
0 Kudos
PhoneBoy
Admin
Admin
‎2019-05-28 06:53 AM
In response to Geomix7

The R80.x Optimized profile is less "strict" than the R77.x Recommended profile, but not as strict as the R80.x Strict profile.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events