CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 4 of 4

Thread: IPS Protections Severity Levels

  1. #1
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,252
    Rep Power
    14

    Default IPS Protections Severity Levels

    In case you are curious what the definitions of the IPS Protection severity levels, they're finally documented in an SK.

    https://supportcenter.checkpoint.com...ionid=sk116254
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    1,955
    Rep Power
    11

    Default Re: IPS Protections Severity Levels

    Quote Originally Posted by PhoneBoy View Post
    In case you are curious what the definitions of the IPS Protection severity levels, they're finally documented in an SK.

    https://supportcenter.checkpoint.com...ionid=sk116254
    Having a similar SK for the Performance Impact rankings of IPS signatures would be helpful. Based on a bunch of lab testing and my personal experiences, the best I could come up with for my book Max Power was the following:

    • IPS Protections with a “Very Low” or “Low” Performance Impact are processed 100% in the Accelerated Path (SXL)
    • IPS Protections with a “Medium” Performance Impact are processed at least 90% in the Medium Path (PXL)
    • IPS Protections with a “High” Performance Impact appear to be processed about 50% in the Medium Path (PXL) and about 50% in the Firewall Path (F2F)
    • IPS Protections with a “Critical” Performance Impact are processed 100% in the Firewall Path (F2F)

    Since publication I have been told that my assumptions are more or less correct. There are some vague statements about this in various SKs but it would be nice for some confirmation, especially for the "High" impact level which seemed to be all over the place.
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

  3. #3
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,252
    Rep Power
    14

    Default Re: IPS Protections Severity Levels

    I just updated the SK to include information on Performance and Confidence of protections.
    As you said, your assumptions are more or less correct. :)
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  4. #4
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    1,955
    Rep Power
    11

    Default Re: IPS Protections Severity Levels

    Quote Originally Posted by PhoneBoy View Post
    I just updated the SK to include information on Performance and Confidence of protections.
    As you said, your assumptions are more or less correct. :)
    Very nice, thank you!
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

Similar Threads

  1. IPS license and standard DoS protections
    By sysroute in forum IPS Blade (Formerly SmartDefense)
    Replies: 2
    Last Post: 2016-03-28, 05:10
  2. Missing IPS Protections in R75.20
    By mhicks in forum SmartDashboard
    Replies: 1
    Last Post: 2011-10-26, 09:36
  3. DNS Server Protections
    By wolfmeiister in forum IPS Blade (Formerly SmartDefense)
    Replies: 0
    Last Post: 2011-05-18, 17:34
  4. IPS Geo Protections
    By armando.ferreira in forum Geo Protection
    Replies: 4
    Last Post: 2010-08-16, 11:22
  5. What are the security levels on the Safe@/Nokia IP30?
    By roadrunner in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 0
    Last Post: 2005-08-13, 16:16

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •