Managing System Services
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|396
Built-in System Services
Some built-in services represent Check Point's ability to perform deep inspection of the
specific protocol. These system services cannot be deleted. When you edit them, the ports
which you configure decide when the deep inspection occurs and you can add or change
default ports. Some system services have additional configuration which affect the way the
deep inspection is performed.
n
HTTP - The IPS settings tab lets you configure how and when HTTP deep inspection is
performed. Select the relevant options.
n
HTTPS - The URL Filtering settings tab lets you categorize HTTPS sites by information
in certificates.
n
FTP - The Firewall settings tab lets you configure how the firewall automatically detects
data connections. You can select one of these options:
l
Any - The Firewall detects and allows FTP data connections in all modes.
l
Active - The Firewall detects and allows FTP data connections in active mode only.
l
Passive - The Firewall detects and allows FTP data connections in passive mode
only.
n
PPTP_TCP - The IPS settings tab lets you configure how PPTP deep inspection is
performed.
l
Action on malformed connections - Choose the action to perform on connections
when parsing has failed.
l
Tracking - Choose the type of log to issue when parsing fails.
l
Enforce strict PPTP parsing - Select this to enforce strict adherence to the protocol.
n
SNMP - The Firewall settings tab lets you configure the firewall to enforce a read-only
mode in SNMP.
n
SSH - The Firewall settings tab lets you configure the firewall to block older version of
the SSH protocol (1.x).
n
Citrix - The Firewall settings tab lets you configure which protocol to support on the
configured ports. The default port 1494 is commonly used by two different protocols -
Winframe or Citrix ICA.
To Next Page
Loading...
