Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
German_Khokhlov
Participant

SBA without management server

Can I use the SBA without management server ?
How its configuration ?

0 Kudos
Reply
7 Replies
PhoneBoy
Admin
Admin

All Endpoint blades (including SBA) require a management server for deployment and collecting logs.

Olga_Kuts
Advisor

Which blades will work on SBA if management is not available some time?

0 Kudos
Reply
PhoneBoy
Admin
Admin

Management is definitely required for initial deployment.

Beyond that the blades can operate more or less independent of the management.

Forensics requires access to the management to generate reports.

Many of the blades require Internet access to leverage ThreatCloud.

Antiransomware will work without Internet at all.

Lior_Arzi
Employee
Employee

All blades will keep working even when disconnected from the management server:

  • Anti Ransomware – will work. No connection needed.
  • Forensics – full attack analysis will work. Remediation of the full attack based on this analysis will work. You can view the analysis locally from the EP/SBA client UI.
  • Threat Emulation, threat Extraction – will work as long as you have connection to threat cloud or local TE appliance
  • Anti Phishing & Anti Bot. – will work as long as you have connection to the threat cloud

 

What the management server is really needed for is policy management, licensing, central monitoring and update distribution.

0 Kudos
Reply
Olga_Kuts
Advisor

Lior,

If we use SandBlast appliance, do we need access from the client machines to the Internet, did they just have access to the appliance? How in the given case will the anti-bot work?

0 Kudos
Reply
PhoneBoy
Admin
Admin

The clients need to access the TE appliance or ThreatCloud.

Anti-Bot needs Internet access to look up threat indicators. 

We do offer a 'Private ThreatCloud' appliance, which I know our security gateways can use in the "no Internet" use case, but not sure on Endpoint... hopefully https://community.checkpoint.com/people/arzile9338099-64b6-3d9b-be29-fc67dc1788f6‌ can clarify. 

Lior_Arzi
Employee
Employee

As Dameon mentioned, for TE SBA can work either with the cloud or with a TE appliance, you can configure this in the management.

You do need the cloud for AB (we haven't certified yet 'Private Threat Cloud' appliance with SBA).

0 Kudos
Reply