https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106003#M20305 <P>Hello.</P><P>TE1000 appliance is deployed on the Check Point NGTX firewall environment. In this case, Do we need to create a separate access control policy for TE1000 appliance. Do TE1000 need any install policy?</P> Mon, 21 Dec 2020 04:35:41 GMT Baasanjargal_Ts 2020-12-21T04:35:41Z https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106003#M20305 <P>Hello.</P><P>TE1000 appliance is deployed on the Check Point NGTX firewall environment. In this case, Do we need to create a separate access control policy for TE1000 appliance. Do TE1000 need any install policy?</P> Mon, 21 Dec 2020 04:35:41 GMT https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106003#M20305 Baasanjargal_Ts 2020-12-21T04:35:41Z https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106004#M20306 <P>Generally, yes.</P> Mon, 21 Dec 2020 04:52:36 GMT https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106004#M20306 PhoneBoy 2020-12-21T04:52:36Z https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106006#M20307 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="img-DC-06.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/9840i9DDCAC218293D5D5/image-size/large?v=v2&amp;px=999" role="button" title="img-DC-06.png" alt="img-DC-06.png" /></span></P><P>That is my TE_Policy rule. It has just one rule Any to Any Accept. Installation target is just TE1000x appliance. How about that; Does it look correct.?</P> Mon, 21 Dec 2020 05:00:00 GMT https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106006#M20307 Baasanjargal_Ts 2020-12-21T05:00:00Z https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106007#M20308 <P>Probably safer to configure a rule to allow https and ssh to the gateway and drop everything else, unless it’s an ICAP proxy.</P> Mon, 21 Dec 2020 06:27:39 GMT https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106007#M20308 PhoneBoy 2020-12-21T06:27:39Z https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106008#M20309 <P>Yeah, You mean just allow https and ssh between TE1000 and Gateway? We want to emulate HTTP, SMTP traffic too. How about in that case.?</P> <P>Also,&nbsp; I am wondering do local hosts need to connect TE1000 appliance.? As I understand TE1000 can connect to NGTX gateway and Smart-1 management server network is enough, or not?</P> Mon, 21 Dec 2020 06:36:07 GMT https://community.checkpoint.com/t5/General-Topics/TE1000-appliance-needs-install-policy/m-p/106008#M20309 Baasanjargal_Ts 2020-12-21T06:36:07Z