So I have been updating the Check Point IPS signatures in my lab more aggressively lately, and flipped (almost all) of them into “protect” mode. I have noticed some of the signatures are detecting issues with some well known products and services. This is in no means a critique of the accuracy of the signatures, but rather some documentation on what I am seeing.
Just a few days ago I noticed Netflix stopped working in the house. Seeing the “Connection was reset” message in Firefox is always an indicator of an IPS issue.
So firing up SmartDashboard and Tracker (R77.20) mode revealed the following signature blocking access:
But the curious side of me thinks about tinkering…