Wolfgang
Authority

connections to file-rep.iaas.checkpoint.com:443

After deploying Harmony Endpoint in an environment with internet access only via a proxy, we are facing CPU utilization problems on the proxy environment.

From the proxy logs we see the system is flooded with connections to "file-rep.iaas.checkpoint.com" from all clients all the time. We are using a supernode in the environment, but these connections are always seen via the proxy. Around 80% of all internet traffic is related to these connections. sk116590 states these connections are for ThreatEmulationBlade.

Any chance to stop this, or to get it working via the supernode rather than the proxy?


0 Kudos
6 Replies
Chris_Atkinson
Employee

Are you implying the super node also doesn't rely on the proxy for its Internet access?

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
Authority

Yes, the supernode has connectivity to the Cloud without the proxy. All these connections we can see on the proxy are only from the clients with installed EndPoint software.

0 Kudos
PhoneBoy
Admin

Based on https://support.checkpoint.com/results/sk/sk171703 this is expected behavior.
Specifically: Currently, Super Node serves as an Anti-Malware signature proxy.

0 Kudos
RS_Daniel
Advisor

Hello,

We faced the same issue. These connections overloaded our proxy. I understand it is normal behavior; according to TAC, under the hood Anti-Malware E2 is part of the Threat Emulation blade and cannot function independently. Therefore Threat Emulation is installed as a blade, no matter whether it is called Threat Emulation or File Reputation.
We found some options:

  1. Reduce the number of connections that agents make to those URLs. This requires disabling some features, which reduces security. (File reputation, custom IoC, create exclusions for browser cache folders)
  2. Use a semi-isolated environment Super Node; all file-rep connections will go to the Super Node. It does not work with an authenticated proxy.
  3. Send these connections to a different proxy by configuring Client Settings > General Authenticated Proxy. Again, it does not work with an authenticated proxy! It should be fixed in E88.70.

Just a tip: make sure that all Check Point URLs are allowed on your proxy for endpoints. We found a couple of endpoints without permission to the file-rep URL, and they went crazy, sending hundreds of attempts until we allowed the connection.

Regards
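
To measure what the thread describes (the share of proxy requests going to file-rep.iaas.checkpoint.com, and endpoints that keep retrying after being denied), the following added example, which is not part of any post and not Check Point code, summarizes a proxy access log. It assumes Squid's native access.log layout; the sample lines, the `summarize` helper and its `denied_threshold` parameter are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

FILE_REP_HOST = "file-rep.iaas.checkpoint.com"  # host named in the thread

# Constructed sample in Squid's native access.log layout (assumed format):
# time elapsed client action/status bytes method target ident hierarchy type
SAMPLE_LOG = """\
1734601200.101 45 10.0.0.21 TCP_TUNNEL/200 3912 CONNECT file-rep.iaas.checkpoint.com:443 - HIER_DIRECT/203.0.113.10 -
1734601200.350 40 10.0.0.21 TCP_TUNNEL/200 3890 CONNECT file-rep.iaas.checkpoint.com:443 - HIER_DIRECT/203.0.113.10 -
1734601201.020 51 10.0.0.22 TCP_TUNNEL/200 4010 CONNECT file-rep.iaas.checkpoint.com:443 - HIER_DIRECT/203.0.113.10 -
1734601201.400 1 10.0.0.23 TCP_DENIED/403 3800 CONNECT file-rep.iaas.checkpoint.com:443 - HIER_NONE/- text/html
1734601201.410 1 10.0.0.23 TCP_DENIED/403 3800 CONNECT file-rep.iaas.checkpoint.com:443 - HIER_NONE/- text/html
1734601201.420 1 10.0.0.23 TCP_DENIED/403 3800 CONNECT file-rep.iaas.checkpoint.com:443 - HIER_NONE/- text/html
1734601201.430 1 10.0.0.23 TCP_DENIED/403 3800 CONNECT file-rep.iaas.checkpoint.com:443 - HIER_NONE/- text/html
1734601202.500 120 10.0.0.21 TCP_MISS/200 10240 GET http://example.com/ - HIER_DIRECT/203.0.113.20 text/html
1734601202.900 300 10.0.0.22 TCP_TUNNEL/200 52100 CONNECT example.org:443 - HIER_DIRECT/203.0.113.30 -
1734601203.100 44 10.0.0.21 TCP_TUNNEL/200 3905 CONNECT file-rep.iaas.checkpoint.com:443 - HIER_DIRECT/203.0.113.10 -
"""


def summarize(log_text, host=FILE_REP_HOST, denied_threshold=3):
    """Return the host's share of requests and clients that keep being denied."""
    total, allowed, denied = 0, Counter(), Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        total += 1
        client, action, method, target = fields[2], fields[3], fields[5], fields[6]
        # CONNECT targets are host:port; other methods carry a full URL.
        if method == "CONNECT":
            name = target.rsplit(":", 1)[0]
        else:
            name = urlsplit(target).hostname or ""
        if name.lower() != host:
            continue
        (denied if action.startswith("TCP_DENIED") else allowed)[client] += 1
    hits = sum(allowed.values()) + sum(denied.values())
    return {
        "share": hits / total if total else 0.0,
        "top_clients": (allowed + denied).most_common(3),
        "retry_storm": sorted(c for c, n in denied.items() if n >= denied_threshold),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Clients listed under `retry_storm` are the ones to check against the proxy allow list first, since each denied attempt still costs the proxy a connection.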

Wolfgang
Authority

Thanks @RS_Daniel sounds good, we are not alone.

Your second point is very interesting. We are using the Super Node, but all connections to file-rep...... are going through the normal proxy. It would be very helpful to get rid of these connections on the normal proxy. We don't use our proxy with authentication.

0 Kudos
RS_Daniel
Advisor

Hello,

That option only worked after we enabled Semi Isolated mode on our tenant. A Check Point team helped us enable this feature on the server, and only then were we able to follow the Semi Isolated Super Node configuration steps and enable it. Also, I would try it with E88.50 or higher.

You can check this training video shared by Bar Yassure:

Learn more about this new capability:

Regards
