cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

SBA without management server

Can I use the SBA without management server ?
How its configuration ?

Tags (1)
0 Kudos
7 Replies
Admin
Admin

Re: SBA without management server

All Endpoint blades (including SBA) require a management server for deployment and collecting logs.

Highlighted
Olga_Kuts
Silver

Re: SBA without management server

Which blades will work on SBA if management is not available some time?

0 Kudos
Admin
Admin

Re: SBA without management server

Management is definitely required for initial deployment.

Beyond that the blades can operate more or less independent of the management.

Forensics requires access to the management to generate reports.

Many of the blades require Internet access to leverage ThreatCloud.

Antiransomware will work without Internet at all.

Employee+
Employee+

Re: SBA without management server

All blades will keep working even when disconnected from the management server:

  • Anti Ransomware – will work. No connection needed.
  • Forensics – full attack analysis will work. Remediation of the full attack based on this analysis will work. You can view the analysis locally from the EP/SBA client UI.
  • Threat Emulation, threat Extraction – will work as long as you have connection to threat cloud or local TE appliance
  • Anti Phishing & Anti Bot. – will work as long as you have connection to the threat cloud

 

What the management server is really needed for is policy management, licensing, central monitoring and update distribution.

0 Kudos
Olga_Kuts
Silver

Re: SBA without management server

Lior,

If we use SandBlast appliance, do we need access from the client machines to the Internet, did they just have access to the appliance? How in the given case will the anti-bot work?

0 Kudos
Admin
Admin

Re: SBA without management server

The clients need to access the TE appliance or ThreatCloud.

Anti-Bot needs Internet access to look up threat indicators. 

We do offer a 'Private ThreatCloud' appliance, which I know our security gateways can use in the "no Internet" use case, but not sure on Endpoint... hopefully https://community.checkpoint.com/people/arzile9338099-64b6-3d9b-be29-fc67dc1788f6‌ can clarify. 

Employee+
Employee+

Re: SBA without management server

As Dameon mentioned, for TE SBA can work either with the cloud or with a TE appliance, you can configure this in the management.

You do need the cloud for AB (we haven't certified yet 'Private Threat Cloud' appliance with SBA).

0 Kudos