SandBlast Now Product Brief
SandBlast Now is generally available to all customers. We have many production customers on the now.checkpoint.com cloud, and a few that have purchased private Now clouds.
CGI TAP is considered to be in EA. The main gaps towards GA are support for LB tapping for autoscaling; and a cloud service SKU.
I would like to know more information and what are the SKUs of the supported appliances, licensing, etc. to position in our clients.
The collateral hasn't kept up with the R&D team, we're moving really fast 🙂.
First of all, there are a few other posts on Checkmates - look for CGI TAP, a SandBlast Now Tech Talk, and a CPX 2020 breakout presentation by one of our customers.
We will be launching a new set of SandBlast Now Cloud service SKUs in the near future. Till that further notice, the existing licensing scheme is that the cloud service is included in the NGTX service. In other words, if you have an active service contract and support on your NGTX, you can use it in "Now Mode".
One caveat is that we support inline configurations only with a fail-open NIC. To make it easier, we created six NOW bundle SKUs that include a 4 port 1Gbps copper fail-open NIC with an NGTX appliance. These are: CPAP-SG5100-NOW, CPAP-SG5400-NOW, CPAP-SG5800-NOW, CPAP-SG5900-NOW-SSD, CPAP-SG15600-NOW, CPAP-SG23800-NOW. But as noted above, you can just use a standard NGTX license.
Yes. You actually need the fail-open card only if there's a need to put the appliance inline. A "NOW" appliance is simply a Check Point R80.40 gateway with a NOW hotfix.
It's included with NGTX, yes.
The appliance must be enrolled in the SandBlast Now portal, which brings the appliance under cloud management.
No local management is required.
Further, we do now have failopen NICs for the Quantum appliances (6000 and up):
- CPAC-2-10FSR-BP-C (2 port 10gb fiber fail-open NIC)
- CPAC-4-1C-BP-C (4 port 1gb copper fail-open NIC).
Hi Miguel, Dameon, all,
As noted above on this topic, our long standing intention has been to require a NOW cloud service SKU in addition to NGTX service and support.
SandBlast Now is a completely automated plug and play solution, so no management deployment is required by the customer. However, Check Point does host the customer's logs and provides threat intelligence management, hosted SmartEvent, and advanced threat hunting analytics.
Therefore, for all new deals, we are now also requiring one of the following Smart-1 Cloud SKUs:
- Smart-1 Cloud - for Smart Intel customers, providing threat indicator storage and distribution
- Smart-1 Cloud with SmartEvent - hosted SmartEvent
- Smart-1 Cloud with SmartEvent and Compliance - includes advanced Threat Hunting Analytics
Note: This notice does not apply to customers who purchase a private SandBlast Now Cloud (i.e. not hosted by Check Point).