Updating Protections
IPS Services
IPS Services maintain the most current preemptive security for the Check Point security infrastructure. To help protections stay continuously ahead of today's constantly evolving threat landscape, IPS Services provide ongoing and real-time updates and configuration advice for protections and security policies found in IPS.
IPS Services include useful tools such as:
- Protection Updates — Preemptive, ongoing and real-time protection updates, including new protection capabilities for emerging protocols and applications
- Advisories — Step-by-step instructions on how to activate and configure protections against emerging threats and vulnerabilities, usually before exploits are created by hackers
- Security Best Practices — The latest security recommendations from Check Point
- Microsoft Security Page — Extensive coverage of Microsoft Security Bulletins and methods to protect your Microsoft environment
For more information about the full range of IPS Services, go to:
http://www.checkpoint.com/defense/advisories/public/index.html
Managing IPS Contracts
To begin using IPS, enter the contract information in SmartUpdate.
If the contract is not applied properly or if it is expired, you will be notified with a message stating that the gateway does not have an IPS contract. New protections will not be downloaded if the IPS contract is expired.
Updating IPS Protections
Check Point is constantly developing and improving its protections against the latest threats. You can manually update the IPS protections and also set a schedule when updates are automatically downloaded and installed.
Note - The Security Gateways with IPS enabled only get the updates after you install the Policy.
To show the IPS update settings:
Click the tab and from the navigation tree click .
Configuring Update Options
Before downloading the latest protections, configure the following options:
- Mark new protections for Follow Up can be configured in the Follow Up page. When selected, protections that are downloaded during an update will be automatically marked with a Follow Up flag and will be listed in the Follow Up page.
- Using a proxy server lets you enter proxy server information for IPS to use during manual and scheduled updates. Manual Updates require that the SmartDashboard host connects to the internet. Scheduled Update requires that the Security Management Server connects to the internet. To receive updates when these computers connect to the internet through a proxy, enter proxy server information in Download Updates.
- Apply Revision Control automatically creates a Database Revision before the update occurs. Restoring this database version will allow you to revert the database back to the state that it was in before the update was performed. For more information about Database Revision Control, see the R76 Security Management Administration Guide.
- Check for new updates while the SmartDashboard is active automatically checks for new updates while you have SmartDashboard open. If there are new updates, you will be prompted to Update Now or view the Version Information which details the updates that are available. You may also close the notification without updating.
Updating IPS Manually
You can immediately update IPS with real-time information on attacks and all the latest protections from the IPS website. You can only manually update IPS if a proxy is defined in Internet Explorer settings.
To obtain updates of all the latest protections from the IPS website:
- Configure the settings for the proxy server in Internet Explorer.
- In Microsoft Internet Explorer, open tab .
The LAN Settings window opens.
- Select .
- Configure the IP address and port number for the proxy server.
- Click .
The settings for the Internet Explorer proxy server are configured.
- In the IPS tab, select and click .
If you chose to automatically mark new protections for Follow Up, you have the option to open the Follow Up page directly to see the new protections.
To Configure IPv6 proxy support:
If the proxy uses an IPv6 address:
- Open .
- Open the .
- Create a new .
- Set the value to:
updates_over_IPv6=1
Scheduling IPS Updates
You can configure a schedule for downloading the latest IPS protections and protection descriptions. Because policy installation is required to install the newly downloaded protections on devices, you can also choose to install the policy automatically after the new IPS information is downloaded.
To schedule IPS protections updates:
- In the IPS tab, select and click .
- Select .
- Click to create a schedule for the updates.
The Scheduled Event Properties window opens.
- In the tab, enter the name of the schedule and the time that the update will run. You can choose to run the update either:
- At a specified hour
- At time intervals, such as every 12 hours
To run the updates at a time interval, you must choose in the tab.
- In the tab, choose the days that the update will run. You can choose to run the update either:
- Every day
- On specified days of the week
- On specified days of the month
- Click to save the schedule.
The resulting schedule is shown in the Scheduled Event Properties window.
- Click to enter your User Center username and password.
The User Center credentials are stored. These credentials are also used to check the status of your IPS contracts.
Once you set up a schedule, you can also choose these options:
- lets you specify how many tries the Scheduled Update will make if it does not complete successfully the first time.
- automatically installs the policy on the devices selected using once the IPS update is completed. Both the IPS and Firewall policies install on gateways with the IPS Software Blade enabled.
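Added example (not from the Check Point guide): a Python check that applies two rules stated on this page, that an expired IPS contract stops new protections from downloading, and that a gateway with IPS enabled receives downloaded protections only after a policy install. The inventory records, field names and finding codes are assumptions constructed for the example; they are not a Check Point export format or API.

```python
from datetime import datetime, timedelta

# Constructed sample data. Field names are assumptions for this example,
# not a Check Point export format.
NOW = datetime(2024, 3, 12, 9, 0)
LAST_UPDATE_DOWNLOADED = datetime(2024, 3, 10, 2, 0)
GATEWAYS = [
    {"name": "gw-dmz", "ips_enabled": True,
     "contract_expires": datetime(2025, 1, 1),
     "last_policy_install": datetime(2024, 3, 10, 2, 30)},
    {"name": "gw-branch", "ips_enabled": True,
     "contract_expires": datetime(2024, 4, 1),
     "last_policy_install": datetime(2024, 3, 1, 8, 0)},
    {"name": "gw-lab", "ips_enabled": True,
     "contract_expires": datetime(2024, 2, 1),
     "last_policy_install": datetime(2024, 3, 11, 0, 0)},
    {"name": "gw-fw-only", "ips_enabled": False,
     "contract_expires": None, "last_policy_install": None},
]

def audit_gateway(gw, last_update, now, warn_days=30):
    """Return finding codes for one gateway record."""
    if not gw["ips_enabled"]:
        return []  # only gateways with IPS enabled receive protections
    findings = []
    expires = gw["contract_expires"]
    if expires is None:
        findings.append("CONTRACT_MISSING")
    elif expires <= now:
        findings.append("CONTRACT_EXPIRED")  # new protections are not downloaded
    elif expires - now <= timedelta(days=warn_days):
        findings.append("CONTRACT_EXPIRING")
    installed = gw["last_policy_install"]
    # Downloaded protections reach the gateway only with a policy install.
    if installed is None or installed < last_update:
        findings.append("POLICY_INSTALL_PENDING")
    return findings

def audit(gateways, last_update, now):
    """Map gateway name -> findings, keeping only gateways that need action."""
    report = {gw["name"]: audit_gateway(gw, last_update, now) for gw in gateways}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(GATEWAYS, LAST_UPDATE_DOWNLOADED, NOW).items():
        print(f"{name}: {', '.join(findings)}")
```

A gateway flagged POLICY_INSTALL_PENDING is still enforcing the protection set from its last policy install, even though a newer update has been downloaded.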
Importing an Update Package
If Check Point Support needs to give you a special update package, you can use Offline Update to import the update package.
To update protections from an update package:
- In the IPS tab, select and click .
- Browse to the update package.
- Click .
: Offline updates require approval from Check Point. To request approval, contact Check Point Account Services at: ACCOUNTSERVICES@CHECKPOINT.COM.
Reviewing New Protections
To see newly downloaded protections:
- In the IPS was successfully updated message box, select the Switch to the Follow Up topic to see the new protections.
You can also go to IPS > Protections.
- Sort the Protections by Release Date to see the latest protections.