CPUG: The Check Point User Group
Resources for the Check Point Community, by the Check Point Community.
In case you are curious what the definitions of the IPS Protection severity levels are, they're finally documented in an SK.
https://supportcenter.checkpoint.com...ionid=sk116254
http://phoneboy.org
Unless otherwise noted, views expressed are my own
Having a similar SK for the Performance Impact rankings of IPS signatures would be helpful. Based on a bunch of lab testing and my personal experiences, the best I could come up with for my book Max Power was the following:
- IPS Protections with a “Very Low” or “Low” Performance Impact are processed 100% in the Accelerated Path (SXL)
- IPS Protections with a “Medium” Performance Impact are processed at least 90% in the Medium Path (PXL)
- IPS Protections with a “High” Performance Impact appear to be processed about 50% in the Medium Path (PXL) and about 50% in the Firewall Path (F2F)
- IPS Protections with a “Critical” Performance Impact are processed 100% in the Firewall Path (F2F)
Since publication I have been told that my assumptions are more or less correct. There are some vague statements about this in various SKs but it would be nice for some confirmation, especially for the "High" impact level which seemed to be all over the place.
--
Third Edition of my "Max Power 2020" Firewall Book
Now Available at http://www.maxpowerfirewalls.com
I just updated the SK to include information on Performance and Confidence of protections.
As you said, your assumptions are more or less correct. :)
http://phoneboy.org
Unless otherwise noted, views expressed are my own