topic Re: Threat Emulation appliance connectivity in General Topics

Threat Emulation appliance connectivity

melcu — Tue, 22 Apr 2025 17:50:37 GMT

Hi Team,

I have a difficult customer that for every darn request he comes back with 23402983423 questions.

He has one Cluster and one TE250 appliance. Fast forward MGMT interfaces is not connected and he connected interface 1 from the appliance to the actual management vlan. Licensed the box and had no idea how to use it.

I told him to move the actual management IP address to the MGMT interface and put port1 to a network that belongs to a trusted segment between firewall and Threat Emulation appliance.

How he's asking me bunch of questions on which I have no idea how to answer.

- where to put the default route

- which interface will the appliance use to 'talk' with SMS about the license

- which interface will be used for updates from cloud

- how the internal VM will be updated ? (what ?! is this something that customer can do?)

- how does the gateway communicate with the TE appliance, on which interface

and the most funny one that melted my brain:

- how to enable MDPS on this appliance.

So I'm asking experts for some guidance as I'm telling you his questions are melting my brain.

Re: Threat Emulation appliance connectivity

the_rock — Tue, 22 Apr 2025 18:48:21 GMT

I believe as far as interfaces, you can pick whichever one you want. For MDPS, see below. As far as VM, how will it be updated? I dont really see any relevance to CP there.

Andy

https://support.checkpoint.com/results/sk/sk138672

Re: Threat Emulation appliance connectivity

melcu — Tue, 22 Apr 2025 18:52:23 GMT

Does TE appliances even support MDPS ?

So what's the purpose of having a dedicated MGMT interface if everything can be done through data ports ?

I've never touched a TE appliance and I have no idea how to connect it. For me it makes more sense to have high speed interfaces for firewall-TE communication and just leave the MGMT for Gaia purposes only.

But as far as static route .. if you put it through management (which has no internet access) then how the appliance will connect to CP cloud for updates ? No proxy in the network btw.

Re: Threat Emulation appliance connectivity

the_rock — Tue, 22 Apr 2025 19:03:47 GMT

I dont see why it would not support it, nothing for it listed under limitation. You are right about static route, connectivity needs to be there to connect externally, otherwise it will never get any updates.

Andy

Re: Threat Emulation appliance connectivity

PhoneBoy — Tue, 22 Apr 2025 20:52:20 GMT

What "interface" is used for any given communication is determined entirely by the device's routing table.
The "Main IP" for the TE object will be used for communication...on whatever interface that's configured on.
For offline updates of the Threat Emulation Engine (updates the underlying VMs), see: https://support.checkpoint.com/results/sk/sk92509

MDPS is only relevant on regular Security Gateways, not dedicated Threat Emulation appliances.