https://live.paloaltonetworks.com/t5/general-topics/ips-default-protections/m-p/23031#M16799 <HTML><HEAD></HEAD><BODY><P>Jeff, I think you may be asking a question that has a moving target for an answer.&nbsp; Maybe your best bet is to log into a PAN appliance and look at the signature list to see what the signature's default settings are.&nbsp; Every sig has its own default action, which could be reset server, reset client, reset both, alert, drop, drop all packets.&nbsp; These default actions are assigned by the PAN threat team when the new signature is added to the threat database.</P><P></P><P>Checkpoint IPS is known to trigger a very high rate false positives, which can severely limit its effectiveness.&nbsp; While no vendor can guarantee zero false positives, I believe PAN does a much better job in this arena.&nbsp; In part because of the efficiency that AppID gives you when married to IPS, the ease of use, and also in the implementation of the IPS signatures by PAN's threat team.</P><P></P><P><IMG src="file:/C:/DOCUME%7E1/SPOLO%7E1.PAL/LOCALS%7E1/Temp/moz-screenshot-15.png" /><IMG src="file:/C:/DOCUME%7E1/SPOLO%7E1.PAL/LOCALS%7E1/Temp/moz-screenshot-16.png" /><IMG src="file:/C:/DOCUME%7E1/SPOLO%7E1.PAL/LOCALS%7E1/Temp/moz-screenshot-17.png" /><IMG alt="1-28-2011 8-52-16 AM.png" class="jive-image-thumbnail jive-image" height="374" onclick="" src="https://live.paloaltonetworks.com/legacyfs/online/2162_1-28-2011 8-52-16 AM.png" width="676" /></P></BODY></HTML> Fri, 28 Jan 2011 16:57:18 GMT spolo 2011-01-28T16:57:18Z https://live.paloaltonetworks.com/t5/general-topics/ips-default-protections/m-p/23030#M16798 <HTML><HEAD></HEAD><BODY><P>I need a techincal answer for default protections with PAN IPS enabled.&nbsp; If possible, think in a CP-to-PAN conversion.&nbsp; I know...apples to oranges. </P><P></P><P>TIA - Jeff</P></BODY></HTML> Thu, 27 Jan 2011 16:55:56 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-default-protections/m-p/23030#M16798 jhill 2011-01-27T16:55:56Z https://live.paloaltonetworks.com/t5/general-topics/ips-default-protections/m-p/23031#M16799 <HTML><HEAD></HEAD><BODY><P>Jeff, I think you may be asking a question that has a moving target for an answer.&nbsp; Maybe your best bet is to log into a PAN appliance and look at the signature list to see what the signature's default settings are.&nbsp; Every sig has its own default action, which could be reset server, reset client, reset both, alert, drop, drop all packets.&nbsp; These default actions are assigned by the PAN threat team when the new signature is added to the threat database.</P><P></P><P>Checkpoint IPS is known to trigger a very high rate false positives, which can severely limit its effectiveness.&nbsp; While no vendor can guarantee zero false positives, I believe PAN does a much better job in this arena.&nbsp; In part because of the efficiency that AppID gives you when married to IPS, the ease of use, and also in the implementation of the IPS signatures by PAN's threat team.</P><P></P><P><IMG src="file:/C:/DOCUME%7E1/SPOLO%7E1.PAL/LOCALS%7E1/Temp/moz-screenshot-15.png" /><IMG src="file:/C:/DOCUME%7E1/SPOLO%7E1.PAL/LOCALS%7E1/Temp/moz-screenshot-16.png" /><IMG src="file:/C:/DOCUME%7E1/SPOLO%7E1.PAL/LOCALS%7E1/Temp/moz-screenshot-17.png" /><IMG alt="1-28-2011 8-52-16 AM.png" class="jive-image-thumbnail jive-image" height="374" onclick="" src="https://live.paloaltonetworks.com/legacyfs/online/2162_1-28-2011 8-52-16 AM.png" width="676" /></P></BODY></HTML> Fri, 28 Jan 2011 16:57:18 GMT https://live.paloaltonetworks.com/t5/general-topics/ips-default-protections/m-p/23031#M16799 spolo 2011-01-28T16:57:18Z