Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nathan_Churchwe
Explorer

IPS configuration\reporting

Apologies if this is not the right place to post this. But I could not find it in the forums\ my own research.

The IPS configuration for my company is very out of date and needs to be worked on (in progress). In my own testing\knowledge is it possible to have one active profile then another test profile that's newer, that is configured the way we would like it to be, and still log the activity? 

The reason for this question, is I want to gather the most up to date data on a profile that is configured correctly settings wise with out disrupting our current protections.

Basically I want to have our main  IPS profile stay in tact, but have a separate profile available and have it log the data so  the reports can can be reviewed\compared?

Hopefully that makes sense.

Thanks for your time

-Nate

0 Kudos
2 Replies
G_W_Albrecht
Legend
Legend

In general, IPS profiles that just detect = log IPS events are only justified during the first phase of blending-in IPS. If two IPS Layers at the same time would be possible, load on the GW could double 😞 As you can apply different profiles to different GWs only, your suggestion will not work. Reading Threat Prevention Administration Guide R80.20 will help you to better understand settings, protections and profiles. How to optimize IPS is found here: sk98348: Best Practices - Security Gateway Performance. If you want to understand what is going on under the hood, you can study sk95193: ATRG: IPS

CCSE CCTE CCSM SMB Specialist
PhoneBoy
Admin
Admin

First of all, the only way that this might be possible is with R80.x gateways and multiple Threat Prevention layers.

Specifically, you'd create a Threat Prevention layer above your existing one that refers to your new profile with action Detect.

Note that Detect profiles do have a higher performance impact than Prevent profiles as they continue to process traffic long after a Prevent profile would drop the traffic.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events