batmunkh_unubuk
Contributor

How can I disable the default all-drop and protections?

How can I disable the default all-drop and protections? CP default protection features are blocking or dropping, because my internet is very slow and some web sites cannot load.

0 Kudos
3 Replies
Marco_Valenti
Advisor

If you are talking about IPS, you can put your profile in troubleshooting mode; all protections will be set as detect, at least in 77.30 :)

0 Kudos
_Val_
Admin

It depends. Check Point rulebase drops all connections that are not matched to explicit and implied rules. For that matter, the best practice is to put any-any-any-log-drop rule at the end of it, to see the logs for all dropped traffic. If you change that rule to accept connections (which is a terrible security practice), rulebase will not drop them anymore.

As for any other protections, such as IPS, AVI, etc., you can just put them in detect-only mode or disable them completely by removing the corresponding software blade settings from your GW object.

That said, how do you know it is a FW issue and not something external?

0 Kudos
Timothy_Hall
Champion

For IPS in particular you can just run "ips off" on the gateway to instantly turn it off. If policy is reinstalled or the firewall rebooted, IPS will be back on; current state can be checked with "ips stat".

For the other elements of Threat Prevention I suppose you could unload the TP policy on the gateway with "fw amw unload", but be warned I have not tried doing this on a production firewall.

For Application Control and URL Filtering, I don't think there is a way to disable these on the fly without a policy reinstall to the gateway.

Then of course if you just want to turn your firewall into a pure router with no enforcement, no NAT, no antispoofing, etc., you could always do this, which will cause an outage:

fw unloadlocal

echo 1 > /proc/sys/net/ipv4/ip_forward

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com