This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JustinLow
Contributor
‎2023-12-30 08:55 PM
Jump to solution

Horizon Playblocks Expert Mode Login Notification

Hi All,

 

Recently I upgraded the management server to R81.20 and receive a message regarding the "Introducing Expert mode audit log and notifications". I have some questions regarding the Horizon Playblocks Service,

1) Is it the Horizion Playblocks require license/subscription? Or is it free of charge?

2) Will I get expert shell login notification of the gateway appliance that managed by R81.20 SMS but gateway with a lower version (below R80.40)?

 

Regards

Justin Low

 

Preview file
74 KB
0 Kudos
1 Solution

Accepted Solutions
Tomer_Noy
Employee
Employee
‎2024-01-01 11:46 PM
Jump to solution

I'll add a bit more info...

  1. Full capabilities of Horizon Playblocks indeed require a subscription (which isn't too expensive and easy to purchase 😉).
  2. Having said that, we currently intend to provide the "expert login" notifications (up to a reasonable volume) without an additional license. The reasoning is that we believe it's very important that customers be aware of these occurrences.
  3. The notifications rely on the gateway's ability to send a new type of audit log whenever expert mode login is performed on the gateway. These audit logs were added to GAIA from R80.40 and up (starting from a certain JHF).
  4. The requirement for R81 on the gateway is for enforcement capabilities such as dynamically blocking external attackers that triggered a playbook by causing malicious activity.

So bottom line, we welcome all customers to connect to the cloud and activate these notifications. We're also adding some new options for better management of notifications when they come at high rates.

We also welcome you to experiment with the full Playblocks feature set during trial and make an informed decision if the value justifies a purchase.

View solution in original post

(1)
3 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-12-30 10:18 PM
Jump to solution

Horizon Playblocks is available both as an individual product and as a component of Check Point Horizon´s XDR/XPR.

•Horizon Playblocks for Enterprise requires prerequisite of- Quantum Gateways and/or Harmony Endpoint and/or Quantum SD-WAN and/or Quantum IoT Protect

•Horizon Playblocks for Enterprise is an annual license.

•License quota is set according to the number of active users in the organization (Active users in Active Directory)

•Technical requirements for available data sources integration:

•Gateway mgmt. version R81.10 and above

•Quantum Gateways needs to be R81.00 and above to be enforcement point of Playblocks.

•Harmony Endpoint: could be cloud managed or on-premise.

 

Refer also: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Horizon-PlayBlocks-Admin-Guid...

Important Note: R80.40 is End of Life April 2024

CCSM R77/R80/ELITE
0 Kudos
Tomer_Noy
Employee
Employee
‎2024-01-01 11:46 PM
Jump to solution

I'll add a bit more info...

  1. Full capabilities of Horizon Playblocks indeed require a subscription (which isn't too expensive and easy to purchase 😉).
  2. Having said that, we currently intend to provide the "expert login" notifications (up to a reasonable volume) without an additional license. The reasoning is that we believe it's very important that customers be aware of these occurrences.
  3. The notifications rely on the gateway's ability to send a new type of audit log whenever expert mode login is performed on the gateway. These audit logs were added to GAIA from R80.40 and up (starting from a certain JHF).
  4. The requirement for R81 on the gateway is for enforcement capabilities such as dynamically blocking external attackers that triggered a playbook by causing malicious activity.

So bottom line, we welcome all customers to connect to the cloud and activate these notifications. We're also adding some new options for better management of notifications when they come at high rates.

We also welcome you to experiment with the full Playblocks feature set during trial and make an informed decision if the value justifies a purchase.

(1)
JustinLow
Contributor
‎2024-01-02 12:29 AM
In response to Tomer_Noy
Jump to solution

Hi Tomer,

 

Thank you for you clarification on this. Appreciate it.

0 Kudos
Trending Discussions
High rate of blocked connections
Upcoming Events

    CheckMates Events