Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Updating Protections

In This Chapter

IPS Services

Managing IPS Contracts

Updating IPS Protections

IPS Services

IPS Services maintains the most current preemptive security for the Check Point security infrastructure. To help protections stay continuously ahead of today's constantly evolving threat landscape, IPS Services provide ongoing and real-time updates and configuration advice for protections and security policies found in IPS.

IPS Services include useful tools such as:

  • Protection Updates — Preemptive, ongoing and real-time protection updates, including new protection capabilities for emerging protocols and applications
  • Advisories — Step-by-step instructions on how to activate and configure protections against emerging threats and vulnerabilities, usually before exploits are created by hackers
  • Security Best Practices — The latest security recommendations from Check Point
  • Microsoft Security Page — Extensive coverage of Microsoft Security Bulletins and methods to protect your Microsoft environment

For more information about the full range of IPS Services, go to:

http://www.checkpoint.com/defense/advisories/public/index.html

Managing IPS Contracts

To begin using IPS, enter the contract information in SmartUpdate.

If the contract is not applied properly or if it is expired, you will be notified with a message stating that the gateway does not have an IPS contract. New protections will not be downloaded if the IPS contract is expired.

Updating IPS Protections

Check Point is constantly developing and improving its protections against the latest threats. You can manually update the IPS protections and also set a schedule when updates are automatically downloaded and installed.

Note - The Security Gateways with IPS enabled only get the updates after you install the Policy.

To show the IPS update settings:

Click the IPS tab and from the navigation tree click Download Updates.

Configuring Update Options

Before downloading the latest protections, configure the following options:

  • Mark new protections for Follow Up can be configured in the Follow Up page. When selected, protections that are downloaded during an update will be automatically marked with a Follow Up flag and will be listed in the Follow Up page.
  • Using a proxy server lets you enter proxy server information for IPS to use during manual and scheduled updates. Manual Updates require that the SmartDashboard host connects to the internet. Scheduled Update requires that the Security Management Server connects to the internet. To receive updates connecting these computers to the internet, enter proxy server information in Download Updates.
  • Apply Revision Control automatically creates a Database Revision before the update occurs. Restoring this database version will allow you to revert the database back to the state that it was in before the update was performed. For more information about Database Revision Control, see the R76 Security Management Administration Guide.
  • Check for new updates while the SmartDashboard is active automatically checks for new updates while you have SmartDashboard open. If there are new updates, you will be prompted to Update Now or view the Version Information which details the updates that are available. You may also close the notification without updating.

Updating IPS Manually

You can immediately update IPS with real-time information on attacks and all the latest protections from the IPS website. You can only manually update IPS if a proxy is defined in Internet Explorer settings.

To obtain updates of all the latest protections from the IPS website:

  1. Configure the settings for the proxy server in Internet Explorer.
    1. In Microsoft Internet Explorer, open Tools > Internet Options > Connections tab > LAN Settings.

      The LAN Settings window opens.

    2. Select Use a proxy server for your LAN.
    3. Configure the IP address and port number for the proxy server.
    4. Click OK.

      The settings for the Internet Explorer proxy server are configured.

  2. In the IPS tab, select Download Updates and click Update Now.

If you chose to automatically mark new protections for Follow Up, you have the option to open the Follow Up page directly to see the new protections.

To Configure IPv6 proxy support:

If the proxy uses an IPv6 address:

  1. Open Control Panel > System and Security > System > Advanced System Settings.
  2. Open the Advanced tab > Environment variables.
  3. Create a new User Variable.
  4. Set the value to: updates_over_IPv6=1.

Scheduling IPS Updates

You can configure a schedule for downloading the latest IPS protections and protections descriptions. Because policy installation is required in order to install the newly downloaded protections on devices, you can also choose to install the policy automatically after the new IPS information is downloaded.

To schedule IPS protections updates:

  1. In the IPS tab, select Download Updates and click Scheduled Update.
  2. Select Enable IPS scheduled update.
  3. Click Edit Schedule to create a schedule for the updates.

    The Scheduled Event Properties window opens.

    1. In the General tab, enter the name of the schedule and the time that the update will run. You can choose to run the update either:
      • At a specified hour
      • At time intervals, such as every 12 hours

      To run the updates at a time interval, you must choose Every day in the Days tab.

    2. In the Days tab, choose the days that the update will run. You can choose to run the update either:
      • Every day
      • On specified days of the week
      • On specified days of the month
    3. Click OK to save the schedule.

    The resulting schedule is shown in the Scheduled Event Properties window.

  4. Click User Center credentials to enter you User Center username and password.

    The User Center credentials are stored. These credentials are also used to check the status of your IPS contracts.

Once you set up a schedule, you can also choose these options:

  • On update failure perform X retries lets you to specify how many tries the Scheduled Update will make if it does not complete successfully the first time.
  • On successful update, perform Install Policy automatically installs the policy on the devices selected using Edit Settings once the IPS update is completed. Both the IPS and Firewall policies install on gateways with the IPS Software Blade enabled.

Importing an Update Package

If Check Point Support needs to give you a special update package, you can use Offline Update to import the update package.

To update protections from an update package:

  1. In the IPS tab, select Download Updates and click Offline Update.
  2. Browse to the update package.
  3. Click OK.

Note: Offline updates require approval from Check Point. To request approval, contact Check Point Account Services at: ACCOUNTSERVICES@CHECKPOINT.COM.

Reviewing New Protections

To see newly downloaded protections:

  1. In the IPS was successfully updated message box, select the Switch to the Follow Up topic to see the new protections.

    You can also go to IPS > Protections.

  2. Sort the Protections by Release Date to see the latest protections.
 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print