This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
melcu
Participant
Participant
‎2025-04-22 10:50 AM
Jump to solution

Threat Emulation appliance connectivity

Hi Team,

I have a difficult customer that for every darn request he comes back with 23402983423 questions.

He has one Cluster  and one TE250 appliance. Fast forward  MGMT interfaces is not connected and he connected interface 1 from the appliance to the actual management vlan.  Licensed the box and had no idea how to use it.

I told him to move the actual management IP address to the MGMT interface  and  put port1 to a network that belongs to a trusted segment between  firewall and Threat Emulation appliance.

How he's asking me bunch of questions on which I have no idea how to answer.

- where to put the default route

- which interface will the appliance use to 'talk' with SMS about the license

- which interface will be used for  updates from cloud

- how the internal VM will be updated ? (what ?! is this something that customer can do?)

- how does the gateway communicate with the TE appliance, on which interface

 

and the most funny one that melted my brain: 

- how to enable MDPS on this appliance.

 

So I'm asking experts for some guidance as I'm telling you his questions are melting my brain.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2025-04-22 01:52 PM
Jump to solution

What "interface" is used for any given communication is determined entirely by the device's routing table.
The "Main IP" for the TE object will be used for communication...on whatever interface that's configured on.
For offline updates of the Threat Emulation Engine (updates the underlying VMs), see: https://support.checkpoint.com/results/sk/sk92509 

MDPS is only relevant on regular Security Gateways, not dedicated Threat Emulation appliances.

View solution in original post

0 Kudos
4 Replies
the_rock
Legend
Legend
‎2025-04-22 11:47 AM
Jump to solution

I believe as far as interfaces, you can pick whichever one you want. For MDPS, see below. As far as VM, how will it be updated? I dont really see any relevance to CP there.

Andy

https://support.checkpoint.com/results/sk/sk138672

0 Kudos
melcu
Participant
Participant
‎2025-04-22 11:52 AM
In response to the_rock
Jump to solution

Does TE appliances even support MDPS ?

So what's the purpose of having a dedicated MGMT interface if everything can be done through data ports ?

I've never touched a TE appliance and I have no idea how to connect it. For me it makes more sense to have high speed interfaces for  firewall-TE communication and just leave the MGMT for Gaia purposes only.

But as far as static route .. if you put it through management (which has no internet access) then how the appliance will connect to CP cloud for updates ?  No proxy in the network btw.

0 Kudos
the_rock
Legend
Legend
‎2025-04-22 12:03 PM
In response to melcu
Jump to solution

I dont see why it would not support it, nothing for it listed under limitation. You are right about static route, connectivity needs to be there to connect externally, otherwise it will never get any updates.

Andy

 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-04-22 01:52 PM
Jump to solution

What "interface" is used for any given communication is determined entirely by the device's routing table.
The "Main IP" for the TE object will be used for communication...on whatever interface that's configured on.
For offline updates of the Threat Emulation Engine (updates the underlying VMs), see: https://support.checkpoint.com/results/sk/sk92509 

MDPS is only relevant on regular Security Gateways, not dedicated Threat Emulation appliances.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events