CPUG: The Check Point User Group


Thread: Threat Prevention is Not Block DNS Reputation Traffic Which High Severity

  1. #1
    Join Date
    2016-06-11
    Posts
    7
    Rep Power
    0

    Default Threat Prevention is Not Block DNS Reputation Traffic Which High Severity

    Hello,

    My client has a concern about DNS Reputation traffic with High severity, but Check Point just detects this traffic. In the policy, we set block on High and Medium, except Low, which will be detected.

    So does anyone know how to change it? Or which setting could turn it to block or detect? Below is the screenshot of the log.

    [Attached image: image2.png]

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,249
    Rep Power
    14

    Default Re: Threat Prevention is Not Block DNS Reputation Traffic Which High Severity

    Quote Originally Posted by phaneath
    Hello,

    My client has a concern about DNS Reputation traffic with High severity, but Check Point just detects this traffic. In the policy, we set block on High and Medium, except Low, which will be detected.

    So does anyone know how to change it? Or which setting could turn it to block or detect? Below is the screenshot of the log.

    [Attached image: image2.png]

    There is a bit more to it than that. Determine what profile is being applied to the traffic/gateway in question and look here:

    [Attached image: tp_abot.jpg]

  3. #3
    Join Date
    2007-10-31
    Location
    Great Plains - USA
    Posts
    159
    Rep Power
    12

    Default Re: Threat Prevention is Not Block DNS Reputation Traffic Which High Severity

    It appears you have "DNS Trap" enabled. Typically this is desirable; your requirements may dictate otherwise.

    With DNS Trap active, a detect is expected for the DNS server traffic. When the client machine attempts to reach the questionable site, it will be redirected to the "Trap" address and logged as being blocked.
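
The pairing described in post #3 (a detect on the DNS server's query, then a block on the client that connects to the trap address) can be checked in exported logs. The following is an added example, not part of the thread and not Check Point code; the record fields, the trap address, the function name and the sample records are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: placeholder trap address from a documentation range; substitute
# the address configured in your own Threat Prevention profile.
TRAP_IP = "192.0.2.10"

# Constructed sample records. Field names are hypothetical, not a vendor log schema.
LOGS = [
    {"time": "2019-01-10T09:00:01", "src": "10.1.1.53", "dst": "198.51.100.53",
     "action": "detect", "domain": "bad.example"},      # DNS server's upstream query
    {"time": "2019-01-10T09:00:02", "src": "10.1.20.7", "dst": TRAP_IP,
     "action": "block", "domain": None},                # client hitting the trap
    {"time": "2019-01-10T09:05:00", "src": "10.1.1.53", "dst": "198.51.100.53",
     "action": "detect", "domain": "worse.example"},    # detect with no follow-up
    {"time": "2019-01-10T09:30:00", "src": "10.1.20.9", "dst": "203.0.113.5",
     "action": "accept", "domain": None},               # unrelated traffic
]

def correlate_trap_hits(logs, trap_ip=TRAP_IP, window_s=30):
    """Pair each DNS reputation detect with clients blocked at the trap
    address within window_s seconds afterwards.
    Returns {domain: sorted list of client IPs}."""
    parsed = [dict(r, ts=datetime.fromisoformat(r["time"])) for r in logs]
    detects = [r for r in parsed if r["action"] == "detect" and r["domain"]]
    blocks = [r for r in parsed if r["action"] == "block" and r["dst"] == trap_ip]
    window = timedelta(seconds=window_s)
    result = {}
    for d in detects:
        # Only blocks at or after the detect, and inside the window, count.
        clients = {b["src"] for b in blocks
                   if timedelta(0) <= b["ts"] - d["ts"] <= window}
        result[d["domain"]] = sorted(clients)
    return result

if __name__ == "__main__":
    for domain, clients in correlate_trap_hits(LOGS).items():
        print(domain, "->", clients or "no client connection seen in window")
```

A domain with an empty client list means the DNS query was detected but no host connected to the trap address inside the window.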
