It is my first time configuring checkpoint products and i am still having some issues with the IPS.
I have a R80.10 firewall module with IPS enabled ( and configured in a rather strict profile) and a vulnerable web server behind it.
When I attack the web server, the IPS properly detects URL-based attack ( for instance a SQLi where the injection is in URL parameters ) but it doesn't detect or block anything that is done in the "body" of the request, for instance in POST params.
As i am a beginner this could be induced by a stupid configuration mistake but i did not find any sk specific to that issue.
Thank you in advance for your time and help.