CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 5 of 5

Thread: Question On Protocol and ClusterXL

  1. #1
    Join Date
    2017-05-16
    Posts
    15
    Rep Power
    0

    Default Question On Protocol and ClusterXL

    What is the difference between http and http80_NoSDF in firewall protocol?
    When does the latter appear? Caan I filter one but not the other in the FW logs?

    My workplace FW is using ClusterXL. Does that explain why I am learning 2 mac addresses from a device on two separate interfaces?
    Where can I learn more about clusterxl?

  2. #2
    Join Date
    2007-06-04
    Posts
    3,232
    Rep Power
    15

    Default Re: Question On Protocol and ClusterXL

    If you look under the Advanced Section of the Service Definition then will find that under the Protocol part then the HTTP Service has a Service type set.

    This causes certain IPS work against the traffic even if IPS Blade not enabled.

    http80_NoSDF will have been defined by an Administrator without the protocol setting under the Advanced Section so that no IPS is invoked.

    The NoSDF is probably short for NoSmartDeFense. SmartDefense being the predecessor to the IPS Blade.

  3. #3
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,050
    Rep Power
    12

    Default Re: Question On Protocol and ClusterXL

    Pretty sure SDF is referring to the Sticky Decision Function of Load-Sharing ClusterXL deployments. I assume the http80_NoSDF Protocol Type is excluding port 80 traffic matching this service object from the additional overhead of SDF. Should only matter in a Load Sharing deployment, not HA which is active/standby.
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

  4. #4
    Join Date
    2017-05-16
    Posts
    15
    Rep Power
    0

    Default Re: Question On Protocol and ClusterXL

    Quote Originally Posted by mcnallym View Post
    If you look under the Advanced Section of the Service Definition then will find that under the Protocol part then the HTTP Service has a Service type set.

    This causes certain IPS work against the traffic even if IPS Blade not enabled.

    http80_NoSDF will have been defined by an Administrator without the protocol setting under the Advanced Section so that no IPS is invoked.

    The NoSDF is probably short for NoSmartDeFense. SmartDefense being the predecessor to the IPS Blade.
    Hi,

    where can i find the "Advanced Section of the Service Definition"?
    I know what is IPS. However, how is it different from IPS Blade? I thought blade is a type of firewall?

  5. #5
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,050
    Rep Power
    12

    Default Re: Question On Protocol and ClusterXL

    Quote Originally Posted by custom View Post
    Hi,

    where can i find the "Advanced Section of the Service Definition"?
    I know what is IPS. However, how is it different from IPS Blade? I thought blade is a type of firewall?
    A blade is just a software feature, IPS looks for known hostile attacks against clients and servers. The advanced properties of a service is here, and we are asumming the Protocol Type field is blank or set to none for your HTTP_noSDF service:

    Click image for larger version. 

Name:	ss1.jpg 
Views:	8 
Size:	47.2 KB 
ID:	1285

    Click image for larger version. 

Name:	ss2.jpg 
Views:	8 
Size:	79.7 KB 
ID:	1286
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

Similar Threads

  1. ClusterXL HA interface topology question
    By cpinfo in forum Advanced Networking & Clustering Blade
    Replies: 4
    Last Post: 2016-08-10, 21:45
  2. ClusterXL Question - Setup
    By tdvit in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 3
    Last Post: 2012-07-05, 08:33
  3. Question about ClusterXL ...
    By lsyl69 in forum Licensing
    Replies: 1
    Last Post: 2010-02-23, 21:37
  4. Newbie question: ClusterXL vs HA
    By hotice_ in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 17
    Last Post: 2009-12-10, 12:06
  5. ClusterXL license question
    By cciesec2006 in forum Licensing
    Replies: 8
    Last Post: 2007-10-17, 11:06

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •