IPS protections are enforced by Security Gateways with the IPS Software Blade. The page shows the list of all gateways enforcing IPS protections and the profile that is assigned to each gateway.
When you enable the IPS Software Blade on a Security Gateway object, the gateway is automatically added to the list of Enforcing Gateways and it is assigned the profile.
The Firewall Software Blade must be enabled before you can enable the IPS Software Blade.
You can use these CLI commands to manage IPS on your Security Gateways. You must be in expert mode to use the commands.
| Command | Parameter | Description |
|---|---|---|
| `ips on\|off [-n]` | | Enable or disable IPS on the Security Gateway. |
| | `-n` | Empty templates table (applies immediately). Otherwise, this command takes effect in a few minutes. |
| `ips stat` | | Show the IPS status of the Security Gateway. |
| `ips bypass stat` | | Show the Bypass Under Load status. |
| `ips bypass on\|off` | | Enable or disable Bypass Under Load. |
| `ips bypass set cpu\|mem low\|high <threshold>` | | Set the Bypass Under Load threshold. |
| | `threshold` | Valid range is 1 to 99. Unit is percent. |
| `ips debug [-e filter] -o <output_file>` | | Create an IPS debug file. Filter valid values are the same as for . Consult with Check Point Technical Support. |
| `ips refreshcap` | | Refresh the sample capture repository. |
| `ips stats [<ip_address> -m] [-g <seconds>] [<ip_address> <seconds>]` | | Print IPS and Pattern Matcher performance statistics. Without arguments, runs on current Security Gateway for 20 seconds. This is a resource intensive command. Do not run it on a system with a high load. |
| | `-m` | Analyzes input statistics file from Security Gateway. Give IP address of the Security Gateway. Run from the management server. |
| | `-g` | Collect statistics for current Security Gateway. |
| | `seconds` | Period in which statistics are gathered. |
| `ips pmstats reset` | | Reset pattern matcher statistics. |
| `ips pmstats -o <output_file>` | | Print pattern matcher statistics. |
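
A wrapper for the `ips bypass set` syntax in the table, as an added example rather than Check Point's own tooling: it checks every resource, level and threshold against the documented values before it prints or runs anything, then ends with `ips bypass stat`. `IPS_BIN`, `DRY_RUN`, the function names and the sample plan values are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate, then apply, Bypass Under Load thresholds.
# IPS_BIN and DRY_RUN are assumptions of this sketch, not Check Point settings.
IPS_BIN="${IPS_BIN:-ips}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = run them

# Succeeds only for an integer from 1 to 99 (percent), the documented range.
valid_threshold() {
    case "$1" in [1-9]|[1-9][0-9]) return 0 ;; *) return 1 ;; esac
}

# Print one "ips bypass set" command line, or fail on a bad argument.
bypass_set_cmd() {
    case "$1" in cpu|mem) ;; *) echo "resource must be cpu or mem" >&2; return 2 ;; esac
    case "$2" in low|high) ;; *) echo "level must be low or high" >&2; return 2 ;; esac
    valid_threshold "$3" || { echo "threshold must be 1 to 99" >&2; return 2; }
    printf '%s bypass set %s %s %s\n' "$IPS_BIN" "$1" "$2" "$3"
}

# Read "resource level threshold" lines from stdin. Every line is validated
# before anything runs, so a typo cannot leave the thresholds half-applied.
apply_bypass_plan() {
    plan=$(cat) || return 1
    cmds=""
    while read -r res level thr; do
        [ -z "$res" ] && continue
        line=$(bypass_set_cmd "$res" "$level" "$thr") || return 2
        cmds="${cmds}${line}
"
    done <<EOF
$plan
EOF
    # Finish with the status command so the resulting state is recorded.
    cmds="${cmds}${IPS_BIN} bypass stat
"
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s' "$cmds"
    else
        printf '%s' "$cmds" | while read -r c; do $c || exit 1; done
    fi
}

# Constructed sample plan; the values are illustrative, not recommendations.
sample_plan() {
    printf '%s\n' "cpu low 70" "cpu high 90" "mem low 70" "mem high 90"
}

sample_plan | apply_bypass_plan
```

By default the script only prints the commands; set `DRY_RUN=0` in expert mode on the gateway to execute them.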