https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63723#M13310 <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Bildschirmfoto 2019-09-26 um 10.52.17.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2632i7C97B6BDAD357308/image-size/large?v=v2&amp;px=999" role="button" title="Bildschirmfoto 2019-09-26 um 10.52.17.png" alt="Bildschirmfoto 2019-09-26 um 10.52.17.png" /></span>No - i have a separate TP policy for GWs (with enabled AV, ABOT, IPS and TE on remote appliance) and for TE (only TE enabled&nbsp;with local emulation).</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 26 Sep 2019 08:54:35 GMT G_W_Albrecht 2019-09-26T08:54:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63458#M13305 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TE - Copy - Copy.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2629i57D004D0B06EBE93/image-size/large?v=v2&amp;px=999" role="button" title="TE - Copy - Copy.png" alt="TE - Copy - Copy.png" /></span></P><P>&nbsp;</P><P>Hi Team,</P><P>Pls help me for the configuration.</P><P>As per the Diagram, we have Gateway with TE Appliance.</P><P>So basically we are using TE appliance only for emulation, not for extraction, ThreatExtraction happening on Gateway.</P><P>So for any file we are download from the Internet then first come to the gateway then gateway sends that file to TE for emulation then TE gives the verdict to Gateway then gateway sends the file to the end-user base on the policy. Correct me I am wrong.</P><P>I need a clear idea about configuration and working.</P><P><STRONG>Is this required to set Threat Prevention policy&nbsp; as Detect mode in TE Policy Package 2 ?</STRONG></P><P><STRONG>If I enable Threat Extraction on TE policy package 2 then?</STRONG></P><P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/25509">@Chinmaya_Naik</a>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 26 Sep 2019 07:26:43 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63458#M13305 Chinmaya_Naik 2019-09-26T07:26:43Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63460#M13306 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/25509">@Chinmaya_Naik</a>&nbsp;</P><P>Your diagram and notes seem correct. I would recommend to set the policy on detect the first few days so you can see how it works.</P><P>Another important part is to decide the file extensions that you will be checking and if you want to go with a fail open or fail close policy for your emulations.</P><P>Regards,</P> Mon, 23 Sep 2019 16:13:13 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63460#M13306 FedericoMeiners 2019-09-23T16:13:13Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63708#M13307 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/28479">@FedericoMeiners</a>&nbsp;</P><P>Thanks for the quick response.</P><P>I need to understand which one is the best practise to&nbsp; "set TE policy package threat prevention profile mode as DETECT or Prevent".</P><P>I also need to understand, as per my current scenario If&nbsp; am enable the Threat Extraction on&nbsp;TE policy package threat prevention profile then?</P><P>&nbsp;</P><P>Regards</P><P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/25509">@Chinmaya_Naik</a>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 26 Sep 2019 06:13:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63708#M13307 Chinmaya_Naik 2019-09-26T06:13:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63711#M13308 <P>I must confess that your diagram confuses me ! I have a similar (LAB) configuration with a single GW instead of a cluster and a local TE appliance. But i have configured it differently:</P> <P>- My TE has only FW and TE blades enabled - i see no point in enabling ABot and AV in both GW and TE. As the GW AV will check the hash before sending to TE, AV on TE seems useless.</P> <P>- TE does three passes for a verdict and the sums it up. There is no confidence level involved here, as the GW will send according to File Type and size only to TE and TX</P> Thu, 26 Sep 2019 07:08:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63711#M13308 G_W_Albrecht 2019-09-26T07:08:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63720#M13309 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21294">@G_W_Albrecht</a>&nbsp;</P><P>Thanks for the update. I updated my diagram.</P><P>So basically you mean to say that, there not required to create a separate policy package for TE appliance.</P><P>So when I will install the Threat prevention policy on standard policy package then it needs to select the TE object as well? ,</P><P>Correct me If I am wrong.</P><P>Regards</P><P>Chinmaya_Naik</P> Thu, 26 Sep 2019 08:31:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63720#M13309 Chinmaya_Naik 2019-09-26T08:31:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63723#M13310 <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Bildschirmfoto 2019-09-26 um 10.52.17.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2632i7C97B6BDAD357308/image-size/large?v=v2&amp;px=999" role="button" title="Bildschirmfoto 2019-09-26 um 10.52.17.png" alt="Bildschirmfoto 2019-09-26 um 10.52.17.png" /></span>No - i have a separate TP policy for GWs (with enabled AV, ABOT, IPS and TE on remote appliance) and for TE (only TE enabled&nbsp;with local emulation).</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 26 Sep 2019 08:54:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63723#M13310 G_W_Albrecht 2019-09-26T08:54:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63731#M13311 <P>What is important for your configuration:&nbsp;</P> <TABLE border="1" cellpadding="4"> <TBODY> <TR valign="top"> <TD>Cluster</TD> <TD> <UL> <LI>Threat Emulation local cache is <EM>not</EM> synchronized.</LI> </UL> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>See&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk114806&amp;partition=Advanced&amp;product=Threat" target="_blank">sk114806: ATRG: Threat Emulation&nbsp;</A>and&nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk102309" target="_blank" rel="noopener">sk102309 - Threat Emulation support for Multiple Private Cloud Appliances</A>.</P> Thu, 26 Sep 2019 10:43:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63731#M13311 G_W_Albrecht 2019-09-26T10:43:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63736#M13312 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21294">@G_W_Albrecht</a>&nbsp;</P><P>Thanks for the update.</P><P>Find the below screenshot.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TE1.png" style="width: 969px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2633iDE980BFB80894F1A/image-size/large?v=v2&amp;px=999" role="button" title="TE1.png" alt="TE1.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TE2.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2636iC72C22F33ABAD247/image-size/large?v=v2&amp;px=999" role="button" title="TE2.png" alt="TE2.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TE3.png" style="width: 984px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2634i8F39B8B30E050A4A/image-size/large?v=v2&amp;px=999" role="button" title="TE3.png" alt="TE3.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="TE4.png" style="width: 989px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/2635i9C7E3C7192C505B7/image-size/large?v=v2&amp;px=999" role="button" title="TE4.png" alt="TE4.png" /></span></P><P>&nbsp;</P><P>As last screenshot ,&nbsp; this is what I need to know that what I need to set on Activation Mode.</P><P>Still, I am not face any issue, I need to understand the proper configuration because I see some different configuration on two different places but still both are working.</P><P>Thank You&nbsp;</P><P>Chinmaya Naik</P> Thu, 26 Sep 2019 10:55:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/63736#M13312 Chinmaya_Naik 2019-09-26T10:55:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/99620#M13313 <P>Hi Team,</P><P>Pls give me a clarification on this.</P><P>Thanks and Regards</P><P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/25509">@Chinmaya_Naik</a>&nbsp;</P> Tue, 20 Oct 2020 16:53:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Threat-Prevention-policy-configuration-when-HTTP-emulation-on/m-p/99620#M13313 Chinmaya_Naik 2020-10-20T16:53:03Z