Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Geomix7
Collaborator

Which R80.20 IPS default profile is equal to IPS R77.30 "Recommended" profile?

From R80.20 IPS default  profiles (Basic,Optimized & strict) which is equal to IPS R77.30 "Recommended" profile?

0 Kudos
3 Replies
Timothy_Hall
Legend Legend
Legend

The closest equivalent to the R77.30 "Recommended_Protection" IPS profile in R80+ is the "Strict" profile with some slight differences.  Here is a handy summary taken from my IPS Immersion class for version R80.10, note that for fresh installations of R80.20+ the default IPS Updates Policy is to automatically set new Protections to Prevent:

 

Click to Expand

An IPS Profile contains a policy which specifies whether all the ThreatCloud and Core Activations within it will be set to
Inactive, Prevent, or Detect. For each IPS Profile, the default IPS Policy for Protections to enable is as follows:

Basic – IPS Updates Policy: Set new Protections to Detect/Staging
Performance Impact: Medium or Lower
Severity: High or above
Confidence: High – Prevent, Medium – Inactive, Low – Inactive

Optimized – IPS Updates Policy: Set new Protections to Detect/Staging
Performance Impact: Medium or Lower
Severity: Medium or above
Confidence: High – Prevent, Medium – Prevent, Low – Inactive

Strict – IPS Updates Policy: Set new Protections to Detect/Staging
Performance Impact: High or Lower
Severity: Low or above
Confidence: High – Prevent, Medium – Prevent, Low – Detect

Default_Protection (R77.30 upgrades only) – IPS Updates Policy: Set new Protections to Prevent
Performance Impact: Very Low only
Severity: Medium or above
Confidence: High – Prevent, Medium – Prevent, Low – Inactive

Recommended_Protection (R77.30 upgrades only) – IPS Updates Policy: Set new Protections to Detect/Staging
Performance Impact: High or lower
Severity: Medium or above
Confidence: High – Prevent, Medium – Prevent, Low – Inactive

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Geomix7
Collaborator

Based on Check Point R80.10 IPS best practice :"Check Point recommends using the out of the box Optimized profile which provides the balance
between excellent protection for common network products and protocols against recent or
popular attacks and performance impact." Thus i understand optimized is equal to recommended?
0 Kudos
PhoneBoy
Admin
Admin

The R80.x Optimized profile is less "strict" than the R77.x Recommended profile, but not as strict as the R80.x Strict profile.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events