This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Amit_Singh4
Participant
‎2019-04-25 01:42 AM

Why are some of IPS signatures showing as inactive in R80.10?

Jump to solution

R80.10 - Why some of IPS signatures showing as inactive?

IPS SignaturesIPS Signatures

 

This is the profile configuration.

Profile Configuration.png

  Updates.png

 Configuration.png

 

 Additional Activation.png

 

I have gone through the one of post as given below:-

https://community.checkpoint.com/t5/Policy-Management/IPS-Protections-in-Detect-Staging/td-p/15373

But my profile setting is not anything in inactive mode. So trying to understand why few signatures still as in inactive.

Thanks & Regards

Amit

0 Kudos
Reply
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion
‎2019-04-25 05:53 AM

Jump to solution

All IPS signatures showing as Inactive in your screenshot have a performance impact rating of High or Critical.  Your TP profile states that all signatures with a performance impact of Medium or lower should be activated, thus inactivating all signatures with a High or Critical performance impact.  Activating IPS signatures with a High or Critical performance impact can have an adverse effect on firewall CPU load, as IPS signatures with a performance rating of High are handled approximately 50% in the Medium Path/PXL and 50% in the Firewall Path/F2F, while signatures with a Critical performance impact are handled 100% in the Firewall Path/F2F.  This adverse performance impact can be particularly noticeable on firewalls with less than 8 cores.

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

Reply
2 Replies
Timothy_Hall
Champion
Champion
‎2019-04-25 05:53 AM

Jump to solution

All IPS signatures showing as Inactive in your screenshot have a performance impact rating of High or Critical.  Your TP profile states that all signatures with a performance impact of Medium or lower should be activated, thus inactivating all signatures with a High or Critical performance impact.  Activating IPS signatures with a High or Critical performance impact can have an adverse effect on firewall CPU load, as IPS signatures with a performance rating of High are handled approximately 50% in the Medium Path/PXL and 50% in the Firewall Path/F2F, while signatures with a Critical performance impact are handled 100% in the Firewall Path/F2F.  This adverse performance impact can be particularly noticeable on firewalls with less than 8 cores.

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

Reply
Amit_Singh4
Participant
‎2019-04-25 08:49 AM
In response to Timothy_Hall

Jump to solution
Thank You Tim.
0 Kudos
Reply