So I have been updating the Check Point IPS signatures in my lab more aggressively lately, and flipped (almost all) of them into “protect” mode. I have noticed some of the signatures are detecting issues with some well known products and services. This is in no means a critique of the accuracy of the signatures, but rather some documentation on what I am seeing.
Just a few days ago I noticed Netflix stopped working in the house. Seeing the “Connection was reset” message in Firefox is always an indicator of an IPS issue.

So firing up SmartDashboard and Tracker (R77.20) mode revealed the following signature blocking access:
Okay well that is a pretty major signature. Non-compliant HTTP? The easy path is to just flip it into ‘detect’ and get on with House of Cards. Should I create an exception? Summarize all of AWS?
But the curious side of me thinks about tinkering…