Inspection Settings

You can configure inspection settings for the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.:

  • Deep packet inspection settings

  • Protocol parsing inspection settings

  • VoIP packet inspection settings

The Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. comes with two preconfigured inspection profiles for the Security Gateway:

  • Default Inspection

  • Recommended Inspection

When you configure a Security Gateway, the Default Inspection profile is enabled for it. You can also assign the Recommended Inspection profile to the Security Gateway, or to create a custom profile and assign it to the Security Gateway.

To activate the Inspection Settings, install the Access Control Policy.

Note - In SmartDashboardClosed Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings.R77.30 and lower, Inspection Settings are configured as IPS Protections.

Configuring Inspection Settings

  1. In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., go to the Manage & Settings > Blades view.

  2. In the General section, click Inspection Settings.

    The Inspection Settings window opens.

You can:

  • Edit inspection settings.

  • Edit user-defined Inspection Settings profiles. You cannot change the Default Inspection profile and the Recommended Inspection profile.

  • Assign Inspection Settings profiles to Security Gateways.

  • Configure exceptions to settings.

  1. In the Inspection Settings > General view, select a setting.

  2. Click Edit.

  3. In the window that opens, select a profile, and click Edit.

    The settings window opens.

  4. Select the Main Action:

    • Default Action - preconfigured action

    • Override with Action - from the drop-down menu, select an action with which to override the default - Accept, Drop, Inactive (the setting is not activated)

  5. Configure the Logging Settings

    Select Capture Packets, if you want to be able to examine packets that were blocked in Drop rules.

  6. Click OK.

  7. Click Close.

For advanced configuration of SYN attacks, see sk120476.

  1. In the Inspection Settings > General view, click View > Show Profiles.

  2. In the window that opens, select Specific Inspection settings profiles.

  3. Select profiles.

  4. Click OK.

    Only settings for the selected profiles are shown.

You can add, edit, or delete custom Inspection Settings profiles.

  1. In the Inspection Settings > Profiles view, select a profile.

  2. Click Delete, to remove it, or click Edit to change the profile name, associated color, or tag.

  3. If you edited the profile attributes, Click OK to save the changes.

  1. In the Profiles view, click New.

  2. In the New Profile window that opens, edit the profile attributes:

  3. Click OK.

  1. In the Inspection Settings > Gateways view, select a Security Gateway, and click Edit.

  2. In the window that opens, select an Inspection Settings profile.

  3. Click OK.

  1. In the Inspection Settings > Exceptions view, click New to add a new exception, or select an exception and click Edit to modify an existing one.

    The Exception Rule window opens.

  2. Configure the exception settings:

    • Apply To - select the Profile to which to apply the exception

    • Protection - select the setting

    • Source - select the source Network Object, or select IP Address and enter a source IP address

    • Destination - select the destination Service Object

    • Service - select Port/Range, TCP or UDP, and enter a destination port number or a range of port numbers

    • Install On - select a Security Gateway, on which to install the exception

  3. Click OK.

To enforce the changes, install the Access Control Policy.