Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Brianpiraty_Ale
Contributor

IPS protection

Any one has good documentation link for checkpoint IPS configuration R 80.10 with IPS policy update

(a) can you describe the Performance impact and confidence level parameters

0 Kudos
3 Replies
Jason_Dance
Collaborator

Ideally you'd want to take into account the current load (CPU, RAM, Disk IO, throughput and types of traffic) and other enabled blades you have on your security gateways before turning on some of the more higher impact protections.  With this in mind, the R80.10 Threat Prevention Guide ( https://downloads.checkpoint.com/dc/download.htm?ID=54828 ) has some text on those two metrics.  

Confidence Level
Some attack types are less severe than others, and legitimate traffic may sometimes be mistakenly recognized as a threat. The confidence level value shows how well the specified protection can correctly recognize the specified attack.
The Confidence parameter can help you troubleshoot connectivity issues with the firewall. If legitimate traffic is blocked by a protection, and the protection has a Confidence level of Low, you have a good indication that more granular configurations might be required on this protection.

Performance Impact
Some protections require the use of more resources or apply to common types of traffic, which adversely affects the performance of the gateways on which they are activated.
Note -The Performance Impact of protections is rated based on how they affect gateways of this version which run SecurePlatform and Windows operating systems. The Performance Impact on other gateways may be different than the rating listed on the protection.
For example, you might want to make sure that protections that have a Critical or High Performance Impact are not activated unless they have a Critical or High Severity, or you know the protection is necessary.
If your gateways experience heavy traffic load, be careful about activating High/Critical Performance Impact protections on profiles that affect a large number of mixed (client and server) computers.
Use the value of this parameter to set an optimal protection profile, in order to prevent overload on the gateway resources.

-Jason

0 Kudos
Tomer_Sole
Mentor
Mentor

G_W_Albrecht
Legend
Legend

Please also look into the IPS Self Help Guide for R80.10 - here, you will find references to sk43733 How to measure CPU time consumed by IPS protections and sk110737 IPS Analyzer Tool - How to analyze IPS performance efficiently as well as for other resources.

CCSE CCTE CCSM SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events