wsitu
Explorer

IPS and Threat Prevention profile activation

I have a situation where gateways migrated from R77.x using a legacy IPS profile now also have a Threat Prevention profile enabled. In this case, is the gateway doing double inspection, or is only 1 profile active? If only 1 profile is active, which one?

 

[Expert@FW01:0]# ips stat
IPS Status: Enabled
Active Profiles:
IPS_Profile_12345
ThreatPrevention_Profile_12345
IPS Update Version: 635225437
Global Detect: Off
Bypass Under Load: Off

0 Kudos
1 Reply
PhoneBoy
Admin

The answer is both profiles are active: one specifically for IPS, and one specifically for the other Threat Prevention blades.
They both operate in parallel.
The reason for this is that R77.x (and earlier) gateways require an Access Policy push to update the IPS policy.
Once you've eliminated all R77.x (and earlier) gateways from your configuration, you will be able to remove that "shared" IPS policy and have a unified Threat Prevention profile that also includes IPS. 

0 Kudos