IPS questions

Question asked by SDE License Account on Jun 15, 2018
Latest reply on Jun 17, 2018 by Tomer Sole

Hi everyone. I am putting together some documentation to train the new starters on Check Point IPS, just an overview and some tasty in-depth details sort of thing. I have a couple of questions that I am trying to find answers to.

The first one is a generic question over load on the firewall. Obviously switching on IPS will increase load on the gateway, and this overall load will vary depending on the type and volume of traffic traversing the firewall. Can anyone suggest a rough % increase as a ballpark figure? So, for instance, you would expect to see a 5% increase in CPU load on the firewall just for switching on the IPS module. Do not worry about flagging the whole PXL (medium path) impact on SecureXL; I am going to be flagging that in a separate section as a heads-up. I am just looking for a ballpark figure for the expected load increase on un-accelerated traffic.

The second question is around the order of processing when traffic is passed to the streaming engine for deep inspection. Looking through the documentation, I have found all the wonderful marketing listing some of the components such as:

Passive Streaming Library

Protocol Parsers

Context Management Infrastructure

Pattern Matcher 

And others

What I was wondering is if Check Point can comment on the order in which these engines are called, so I can let students know that when it hits this engine these processes are going to be called and we can expect to see them called in this order?

Any input would be greatly appreciated.
