CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 3 of 3

Thread: How to setup a new IPS sensor with 77.30?

  1. #1
    Join Date
    2015-04-23
    Posts
    2
    Rep Power
    0

    Default How to setup a new IPS sensor with 77.30?

    Hi There

    Is it still possible using CPT R77.30 as IPS sensor only?

    If no, how could you achieve the same functionality?
    We used mirrored ports to detect only traffic.

    So it looks like you have to install now a fully Features Firewall with IPDS blade on top, can you define a detect ONLY Interface so something like that?

    Any input is welcome.

    Thanks Oliver

  2. #2
    Join Date
    2007-06-04
    Posts
    3,221
    Rep Power
    15

    Default Re: How to setup a new IPS sensor with 77.30?

    Last Version of IPS-1 was R71, since then is only IPS Blade on the Check Point Firewall.

    For R77.30 Read Security Gateway Tech Admin Guide Chapter 6 - Monitor Mode
    sk88980 says how to configure a Security Policy for Monitor Mode
    sk101670 expands on Monitor Mode

    Interfaces can be set to Monitor Mode via the WebUI or CLI

    Should give you enough to go through and configure the interface and security policy.

    You will still have the Firewall Policy but basically set to Any, Any, Any in the Firewall Policy.

  3. #3
    Join Date
    2006-09-26
    Posts
    2,974
    Rep Power
    13

    Default Re: How to setup a new IPS sensor with 77.30?

    Quote Originally Posted by mcnallym View Post
    Last Version of IPS-1 was R71, since then is only IPS Blade on the Check Point Firewall.

    For R77.30 Read Security Gateway Tech Admin Guide Chapter 6 - Monitor Mode
    sk88980 says how to configure a Security Policy for Monitor Mode
    sk101670 expands on Monitor Mode

    Interfaces can be set to Monitor Mode via the WebUI or CLI

    Should give you enough to go through and configure the interface and security policy.

    You will still have the Firewall Policy but basically set to Any, Any, Any in the Firewall Policy.
    I am currently testing IPS on the Power-1 11065 with R77.30 in monitor mode and it is very slow. Furthermore, the IPS has not caught anything yet.

Similar Threads

  1. LAB setup
    By kevin_turner in forum Miscellaneous
    Replies: 1
    Last Post: 2007-12-20, 09:59
  2. SCV setup....
    By evo22 in forum SecureClient/SecuRemote
    Replies: 2
    Last Post: 2007-11-12, 12:22
  3. IP650 setup
    By Joe T in forum Installing And Upgrading
    Replies: 0
    Last Post: 2007-02-10, 00:17
  4. 4200 Nokia Sensor Install
    By Kubann in forum Installing And Upgrading
    Replies: 6
    Last Post: 2006-07-24, 03:01
  5. How to setup CVP?
    By roadrunner in forum Content Security/Security Servers/CVP/UFP
    Replies: 0
    Last Post: 2005-08-13, 15:43

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •