This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Amit_Singh4
Participant
‎2019-04-25 01:42 AM

Why are some of IPS signatures showing as inactive in R80.10?

Jump to solution

R80.10 - Why some of IPS signatures showing as inactive?

IPS SignaturesIPS Signatures

 

This is the profile configuration.

Profile Configuration.png

  Updates.png

 Configuration.png

 

 Additional Activation.png

 

I have gone through the one of post as given below:-

https://community.checkpoint.com/t5/Policy-Management/IPS-Protections-in-Detect-Staging/td-p/15373

But my profile setting is not anything in inactive mode. So trying to understand why few signatures still as in inactive.

Thanks & Regards

Amit

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Champion
Champion
‎2019-04-25 05:53 AM

Jump to solution

All IPS signatures showing as Inactive in your screenshot have a performance impact rating of High or Critical.  Your TP profile states that all signatures with a performance impact of Medium or lower should be activated, thus inactivating all signatures with a High or Critical performance impact.  Activating IPS signatures with a High or Critical performance impact can have an adverse effect on firewall CPU load, as IPS signatures with a performance rating of High are handled approximately 50% in the Medium Path/PXL and 50% in the Firewall Path/F2F, while signatures with a Critical performance impact are handled 100% in the Firewall Path/F2F.  This adverse performance impact can be particularly noticeable on firewalls with less than 8 cores.

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com

View solution in original post

2 Replies
Timothy_Hall
Champion
Champion
‎2019-04-25 05:53 AM

Jump to solution

All IPS signatures showing as Inactive in your screenshot have a performance impact rating of High or Critical.  Your TP profile states that all signatures with a performance impact of Medium or lower should be activated, thus inactivating all signatures with a High or Critical performance impact.  Activating IPS signatures with a High or Critical performance impact can have an adverse effect on firewall CPU load, as IPS signatures with a performance rating of High are handled approximately 50% in the Medium Path/PXL and 50% in the Firewall Path/F2F, while signatures with a Critical performance impact are handled 100% in the Firewall Path/F2F.  This adverse performance impact can be particularly noticeable on firewalls with less than 8 cores.

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
Amit_Singh4
Participant
‎2019-04-25 08:49 AM
In response to Timothy_Hall

Jump to solution
Thank You Tim.
0 Kudos