cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

How to collect files for emulation

Hi
I understood that is possible to collect file for the emulator from Gateway, span port and MTA.
I understood that MTA takes the role of the Exchange Server.
But I found this slide that show a Exchange that send file to emulator.
I'cannot find information that explain if Exchange Server can send file to emulator or not.
Thanks for you help.
Giancarlo

3 Replies

Re: How to collect files for emulation

Hi,

Let's say you have the following scenario, you have an email gateway that all emails are received and then processed for Antivirus and Antispam or any other rules you may have. The benign ones are then delivered to your email server ie MS Exchange. 

The new setup:

Your CheckPoint Gateway Firewall with the NGTX license gets the MTA role. You need to change the configuration on your Email Gateway to deliver the emails instead of your Exchange Server to your CP NGTX FW with the MTA role. For emails with attachments your CP FW will send the attachments to your Threat Emulation appliance (if you have one) or to the Cloud. Once the verdict comes back then your CP FW will send the emails if benign to your MS exchange server.

In short you are placing your FW with the MTA role between your current setup. Your FW then is sending the files for scanning to the TE appliance.

Notes:

1) Be careful with the allowed file sizes on your CP MTA to always be larger than your Email Gateway and Exchange server. 

2) When sending out from your organisation you can keep the same setup ie. from Exchange to your Email gateway.

3) It is preferable to have an email gateway in front so it will take all the heavy load first. Remember, your TE is for the files that everything else believe that are benign.

Thanks,

Charris

Re: How to collect files for emulation

HI

In Understood... I hope...

But, in the picture the arrows point to Sandblast appliance.

I suppose that traffics in this arrow come from Exchange server to Sandblast appliance directly.

I suppose that is possibile to send traffic directly from Exchange server to Sandblast appliance.

But I cannot find documentation that tell is possibile to send mail directly from Exchange to Sandblast appliance.

I don't know. I have a doubt.

Thanks

Giancarlo

0 Kudos

Re: How to collect files for emulation

Hi,

If you current setup is for your MX records to be your Exchange server, then your Firewall with the NGTX with the MTA role will be your mail server. Then your FW will forward the emails to Exchange. For emails with attachments, the attachments will be send to the cloud for emulation or to your private appliance.

So in short you are putting in front your Firewall with the MTA role.

I hope is more clear.

Charris