Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
sajin
Contributor

IPS Blade is preventing but not enabled

I enabled Threat Prevention Blade and later disabled all Threat Prevention Blades from Policies and Layers and General properties of the Firewall but could see IPS  and AB traffic in the logs which is DETECT and PREVENT. In SSH , "enabled_blades" it doesn't show the Threat Prevention Blades. The logs shows the OPTIMIZED profile is being blocked but there is no Threat Prevention in the policies. When i click OPTIMIZE profile in the log it takes me to READ ONLY MODE where in the Threat Prevention i could see the OPTIMIZED profile is enabled with all Blades. 

Closed the READ ONLY page and enabled back the THREAT PREVENTION Blade with IPS, AV, AB and  created a new profile disabling all the Blades and installed policy. Later again disabled Threat Prevention. Now am not able to see any Threat prevention Logs.

In the CPVIEW i could see the Threat prevention Blades enabled but not in "enabled_blades". Myself stimulated the same scenario in a VM and ended up with the same situation.

Kindly assist whether the IPS Blades will inspect traffic based on the Blades enabled in the General profile or profile inside the Threat prevention.

Firewall- R80.10

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

If you've disabled the blades in the General Properties of the relevant gateway object, then the blades should not be active irrespective of the Threat Prevention profile assigned.
For any of these changes to take effect, the policy must be pushed to the relevant gateway.
For R80.x gateways, you can push just the Threat Prevention profile.
For R77.x gateways with IPS, you also need to push the Access Control policy.
0 Kudos
Timothy_Hall
Champion
Champion

What is being enforced is probably the "Inspection Settings" part of the Access Control policy on your R80.10 gateway.  These will be enforced separate from any part of Threat Prevention, have you checked there?  Inspection Settings used to part of IPS in R77.30 which can be a bit confusing...

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events