https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253257#M49640 <P>Does it mean configuring SIC between them would enable&nbsp;<SPAN>administration&nbsp;from the another Management server through SmartConsole, therefore configuring TLS is sufficient to work?</SPAN></P> Wed, 16 Jul 2025 09:11:14 GMT usukhbayar_g 2025-07-16T09:11:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253255#M49638 <P>We’re currently using a Check Point SandBlast appliance together with our Security Gateway. I’d like to know: is it possible to connect this same SandBlast appliance to another Security Gateway that’s managed by a different Management Server—<STRONG>without</STRONG> giving that team full admin access to our SandBlast?</P><P>I saw in the setup guide that the other side needs to create a gateway object and define it as a "TE Appliance." I’m wondering—does doing this give them the same kind of administrative permissions over the appliance that we currently have?</P> Wed, 16 Jul 2025 08:48:35 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253255#M49638 usukhbayar_g 2025-07-16T08:48:35Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253256#M49639 <P>In&nbsp;<A href="https://support.checkpoint.com/results/sk/sk113599" target="_blank">https://support.checkpoint.com/results/sk/sk113599</A>&nbsp;we learn that you can use the TE appliance together with a number of Harmony Endpoint Security servers, so sharing should be possible. I would suggest to contact CP TAC to learn how to configure such a deployment! It looks as if only a certificate for TLS is needed but no SIC that would enable administration tasks from SMS.</P> Wed, 16 Jul 2025 09:05:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253256#M49639 G_W_Albrecht 2025-07-16T09:05:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253257#M49640 <P>Does it mean configuring SIC between them would enable&nbsp;<SPAN>administration&nbsp;from the another Management server through SmartConsole, therefore configuring TLS is sufficient to work?</SPAN></P> Wed, 16 Jul 2025 09:11:14 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253257#M49640 usukhbayar_g 2025-07-16T09:11:14Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253258#M49641 <P>Afaik you can only establish SIC with one SMS ! With SIC established, you have access to the GW/TE appliance by using SMS CLI:</P> <P><STRONG><CODE>$CPDIR/bin/cprid_util -server &lt;IPv4 Address of appliance&gt; -verbose rexec -rcmd /bin/clish -c "show date"</CODE></STRONG></P> <P>See<STRONG><CODE><A href="https://support.checkpoint.com/results/sk/sk101047" target="_blank" rel="noopener"><SPAN>sk101047: How to manage a Security Gateway using the "cprid_util" tool</SPAN></A></CODE></STRONG>&nbsp;for details!</P> Wed, 16 Jul 2025 09:46:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253258#M49641 G_W_Albrecht 2025-07-16T09:46:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253324#M49648 <P>Looking at&nbsp;<A href="https://support.checkpoint.com/results/sk/sk113599" target="_blank" rel="noopener noreferrer">sk113599</A><SPAN>&nbsp;it's only talking about establishing connectivity with Harmony Endpoint and Harmony Browse.<BR />For a Check Point gateway, I assume the appliance has to be SICed to the same management domain.<BR />Not sure how this would work for an externally managed TE appliance (or if this is even supported).<BR /></SPAN></P> Wed, 16 Jul 2025 16:52:17 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253324#M49648 PhoneBoy 2025-07-16T16:52:17Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253356#M49651 <P>Hello,</P><P>Personally I’m using my sandblast with a third-party vendor, as an ICAP server. Maybe someone knows if the Secure Gateways can be configured as a ICAP client?&nbsp; And then the gateways could declare your sandblast as their Icap server ? It might do the trick.</P> Thu, 17 Jul 2025 09:55:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253356#M49651 Josh28 2025-07-17T09:55:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253358#M49652 <P>Per documentation, it is indeed possible, <A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_ThreatPrevention_AdminGuide/Content/Topics-TPG/ICAP_Client.htm?tocpath=Custom%20Threat%20Prevention%7CICAP%7CSecurity%20Gateway%20as%20ICAP%20Client%7C_____0" target="_self">see here, for example</A></P> Thu, 17 Jul 2025 10:24:45 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Sharing-Threat-Emulation-Appliance-Between-Two-Security-Gateways/m-p/253358#M49652 _Val_ 2025-07-17T10:24:45Z