Who rated this post

Showing results for 
Search instead for 
Did you mean: 

For IPS in particular you can just run ips off on the gateway to instantly turn it off.  If policy is reinstalled or the firewall rebooted IPS will be back on, current state can be checked with ips stat.

For the other elements of Threat Prevention I suppose you could unload the TP policy on the gateway with fw amw unload but be warned I have not tried doing this on a production firewall.

For Application Control and URL Filtering, I don't think there is a way to disable these on the fly without a policy reinstall to the gateway.

Then of course if you just want to turn your firewall into a pure router with no enforcement, no NAT, no antispoofing etc you could always do this which will cause an outage:

fw unloadlocal

echo 1 > /proc/sys/net/ipv4/ip_forward

My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Who rated this post