IPS Global Policy protections are assigned to local GW cluster but the local protections don’t sync
First of all, all the best in the new 2021.
Background info: We are running an R80.40 MDS with 10 CMAs, and the physical gateway clusters are running R80.20. Our CP hardware is sized to comfortably run the IPS blade. The plan was to create a Threat Prevention global policy IPS global profile, update the IPS protections, then assign this global policy to 10 CMAs, each containing a number of firewall clusters. The new protections downloaded via the global profile are set to “Staging Mode – Detect”. I do remember Check Point no longer recommends the use of staging mode, but we used it just to test that the new global policy protections flagged up in staging mode are being replicated to the local gateway TP policy, and they are not. In our environment, being able to download and manage IPS protections via the global policy for each CMA, so that any global TP changes get pushed down to the local policy, would be a huge benefit in terms of time management compared to having to manage each IPS policy for every FW cluster individually. Unfortunately, this does not work, and the global policy does not sync the protections despite successful global policy assignment with the CMA. Any ideas? I appreciate your help.
I would be grateful for any specific instructions on how to configure the global policy TP protections so that these are then propagated to the local gateway clusters as per global policy. Hopefully this makes sense.
Config:
Global Policy IPS Profile is set to: Active – According to profile. Set activation as staging mode - Detect
Global TP policy is assigned to the local CMA and the gateway successfully and shows in the local TP
Local GW Cluster Policy IPS protections - set to: USE IPS management updates
Gateway Cluster – is set to “Detect Only”
Issue:
Changing staging protections in global policy does not update the local TP policy accordingly. Any ideas?
I also have a similar issue. But here, whatever changes I make in the global IPS profile get reflected in some of the local policies, but in some of the policies they do not.
Can anyone advise what could be the cause or options we need to look for?
@PhoneBoy @Timothy_Hall Can you shed some light on this?
Can we have an update on this, please, if you have any, or am I left with opening a TAC case?
I may be wrong--and you might want to check with the TAC to confirm--but I don't believe you can configure a "global" policy for Threat Prevention.