CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Threat Prevention is Not Block DNS Reputation Traffic Which High Severity

  1. #1

    Hello,

    My client has a concern about DNS Reputation traffic with High severity, but Check Point only detects this traffic. In the policy, we set block on High and Medium, except Low, which will be detected.

    Does anyone know how to change it? Or which setting could turn it to block or detect? Below is the screenshot of the log.

    [Attached screenshot: image2.png]

  2. #2

    There is a bit more to it than that. Determine what profile is being applied to the traffic/gateway in question and look here:

    [Attached screenshot: tp_abot.jpg]

  3. #3

    It appears you have "DNS Trap" enabled. Typically this is desirable; your requirements may dictate otherwise.

    With DNS Trap active, a detect is expected for the DNS server traffic. When the client machine attempts to reach the questionable site, it will be redirected to the "Trap" address and logged as being blocked.
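Because the DNS detect log shows the DNS server as the source, the host to investigate is the one that later connects to the trap address. The following is an added example, not part of the original thread and not Check Point code: it pairs blocked trap-address connections with the preceding DNS detect. The record schema, the trap address `192.0.2.53`, the 30-second window and all sample records are constructed assumptions, and the time-window attribution is a heuristic.

```python
from datetime import datetime, timedelta

TRAP_IP = "192.0.2.53"          # assumption: placeholder trap address, not a product default
WINDOW = timedelta(seconds=30)  # assumption: max gap between DNS detect and client connection

# Constructed records in a simplified schema (not a real log export format).
SAMPLE_LOGS = [
    # Internal resolver looks up a flagged name: logged as detect, source is the resolver.
    {"time": "2020-05-01T10:00:00", "src": "10.0.0.53", "dst": "198.51.100.7",
     "service": "dns", "action": "detect", "resource": "bad-domain.example"},
    # The client that asked the resolver then connects to the trap address: blocked.
    {"time": "2020-05-01T10:00:02", "src": "10.0.1.25", "dst": TRAP_IP,
     "service": "http", "action": "block", "resource": ""},
    # Unrelated permitted traffic.
    {"time": "2020-05-01T10:01:00", "src": "10.0.1.30", "dst": "203.0.113.10",
     "service": "https", "action": "accept", "resource": ""},
    # Trap hit with no recent DNS detect (for example, a cached answer).
    {"time": "2020-05-01T10:05:00", "src": "10.0.1.77", "dst": TRAP_IP,
     "service": "http", "action": "block", "resource": ""},
]


def find_trapped_clients(logs, trap_ip=TRAP_IP, window=WINDOW):
    """Return [(client_ip, domain_or_None)] for each blocked connection to the trap address."""
    dns_detects = []  # (timestamp, domain) for DNS reputation detects seen so far
    findings = []
    for rec in sorted(logs, key=lambda r: datetime.fromisoformat(r["time"])):
        ts = datetime.fromisoformat(rec["time"])
        if rec["service"] == "dns" and rec["action"] == "detect":
            dns_detects.append((ts, rec["resource"]))
        elif rec["dst"] == trap_ip and rec["action"] == "block":
            # Heuristic: attribute the hit to the latest detect inside the window.
            recent = [dom for t, dom in dns_detects if ts - t <= window]
            findings.append((rec["src"], recent[-1] if recent else None))
    return findings


if __name__ == "__main__":
    for client, domain in find_trapped_clients(SAMPLE_LOGS):
        print(f"{client} hit the trap address (likely lookup: {domain or 'unknown'})")
```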
