
Sandblast - Proxy - HTTPS

We currently run a 2-node VSX cluster w/R77.30 and are looking to implement TE with the gateways forwarding to the ThreatCloud for Emulation.

Our environment uses an Intel web gateway as a forward proxy - so we are trying to understand the options available.

I'm hearing ICAP might be an option - but there isn’t really any information about it other than one SK.

I’m just looking for more information on what deployment options might be available.

4 Replies
Admin

Re: Sandblast - Proxy - HTTPS

Basically, what the fix here provides is the ability to turn your gateway into an ICAP server: Check Point support for Internet Content Adaptation Protocol (ICAP) server 

This allows your proxy to consult the Check Point Threat Emulation blade on the Security Gateway to determine if the file downloaded is benign or malicious.

It's worth noting that this hotfix, while considered GA, is not integrated into a major release (i.e. not part of R80.10).

You also may have issues applying other hotfixes on top of this release.
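
The proxy-to-ICAP-server exchange described in the reply above, as an added example that is not part of the thread and is not Check Point code: it frames a generic RFC 3507 RESPMOD message for a downloaded file and maps the ICAP status line to a proxy action. The host name, the service path `respmod` and the sample HTTP data are constructed placeholders; the thread does not say what service path the Check Point ICAP server uses or how it reports a verdict.

```python
# Added example: generic RFC 3507 RESPMOD framing. Host name, service path
# and sample HTTP data below are constructed placeholders, not from the thread.
CRLF = b"\r\n"

SAMPLE_REQ = b"GET /invoice.pdf HTTP/1.1\r\nHost: files.example.test\r\n"
SAMPLE_RESP = b"HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\nContent-Length: 9\r\n"
SAMPLE_BODY = b"%PDF-1.4\n"

def build_respmod(icap_host, service, req_hdr, resp_hdr, body):
    """Frame one ICAP RESPMOD message carrying a downloaded file for scanning."""
    # Each encapsulated HTTP header block must end with a blank line.
    req = req_hdr.rstrip(b"\r\n") + CRLF * 2
    res = resp_hdr.rstrip(b"\r\n") + CRLF * 2
    # Encapsulated offsets are byte positions counted from the start of the
    # ICAP message body, i.e. right after the ICAP headers.
    if body:
        enc = "req-hdr=0, res-hdr=%d, res-body=%d" % (len(req), len(req) + len(res))
        # The encapsulated body is always chunked and ends with a zero chunk.
        payload = b"%x\r\n" % len(body) + body + CRLF + b"0" + CRLF * 2
    else:
        enc = "req-hdr=0, res-hdr=%d, null-body=%d" % (len(req), len(req) + len(res))
        payload = b""
    head = ("RESPMOD icap://%s/%s ICAP/1.0\r\n"
            "Host: %s\r\n"
            "Allow: 204\r\n"
            "Encapsulated: %s\r\n\r\n" % (icap_host, service, icap_host, enc))
    return head.encode("ascii") + req + res + payload

def classify_reply(raw):
    """Map the ICAP status line to what the proxy should do with the file."""
    parts = raw.split(CRLF, 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"ICAP/") or not parts[1].isdigit():
        return "error"             # malformed reply: apply fail-open/closed policy
    code = int(parts[1])
    if code == 204:
        return "deliver-original"  # server requests no modification
    if code == 200:
        return "deliver-replaced"  # server supplied its own HTTP response
    return "error"                 # 4xx/5xx or unexpected status

if __name__ == "__main__":
    msg = build_respmod("icap.example.test", "respmod",
                        SAMPLE_REQ, SAMPLE_RESP, SAMPLE_BODY)
    print(msg.decode("ascii"))
    print(classify_reply(b"ICAP/1.0 204 No Content\r\n\r\n"))
```

Anything other than a 200 or 204 is returned as "error", which is where the proxy's own fail-open or fail-closed policy decides whether the download proceeds.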

Re: Sandblast - Proxy - HTTPS

Thanks for your response Daemon.

Is this the only supported deployment model in an environment that utilizes a forward proxy?

We were told that running the Sandblast Browser Agent would work - but we haven’t been able to get it functioning correctly with TAC and believe there is a limitation with forward proxy and SBA4B.  Correct me if you believe otherwise?

Admin

Re: Sandblast - Proxy - HTTPS

For the above solution I mentioned, yes, that is correct.

SBA4B is a different way to solve the same problem but the client sends the files to ThreatCloud, returning either a “safe” version of the file, the original (if it’s safe), or blocking the download if it is malicious.

I am not aware of any issues with proxies and SBA4B but maybe Lior Arzi or someone on his team can comment.

Employee++

Re: Sandblast - Proxy - HTTPS

ICAP Server HF is integrated with the current JHF286.

But I am not sure about support of ICAP HF on VSX.

You can however install a separate CP GW with R77.30 and use ICAP HF there to emulate files in the cloud received from your proxy. So you might give it a try ...


Regards Thomas