This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Timothy_Hall
MVP Gold
MVP Gold
‎2017-10-18 10:10 AM

For IPS in particular you can just run ips off on the gateway to instantly turn it off.  If policy is reinstalled or the firewall rebooted IPS will be back on, current state can be checked with ips stat.

For the other elements of Threat Prevention I suppose you could unload the TP policy on the gateway with fw amw unload but be warned I have not tried doing this on a production firewall.

For Application Control and URL Filtering, I don't think there is a way to disable these on the fly without a policy reinstall to the gateway.

Then of course if you just want to turn your firewall into a pure router with no enforcement, no NAT, no antispoofing etc you could always do this which will cause an outage:

fw unloadlocal

echo 1 > /proc/sys/net/ipv4/ip_forward

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization
(1)
Who rated this post