SandBlast Network

This space is where you can discuss SandBlast Advanced Network Threat Prevention for Security Gateways.

RoD inside SandBlast Network a week ago
views 216 2

Privacy and TE100X

Hi, we plan to buy a TE100X for our firm. My primary concern is about privacy: if I understand correctly, all SandBlast Threat Emulation is done on site (TE100X), not in the cloud? About the TE100X and Threat Emulation, Threat Extraction and Threat Prevention: are all these services running in volatile memory (16GB) or on non-volatile memory (hard disk)? Also, about HTTPS inspection: we receive about 80% of email and files from GoDaddy servers (secureserver.net, SSL or TLS); the other 20% of email and files we receive from Gmail, Yahoo email and Outlook.com email servers. My question is: is there any troubleshooting about receiving email from these servers and HTTPS inspection on the TE100X? Thanks
RAGHU_K inside SandBlast Network 3 weeks ago
views 381 5 2

MTA on Cluster HA Setup

Hi! I have 2 queries regarding the MTA configured on a cluster running in HA mode: 1) What will happen to the mails queued for processing on one member if there is a failover to the other member in the cluster? Will this queue also be synced between the cluster members? If not, how do we make sure the mails are delivered to the end user? 2) How do we address the scenario where we face a hardware issue on the active member in the cluster which is processing the mails? How do we take out the mails which are in the queue? Raghu
jijotms0511 inside SandBlast Network 3 weeks ago
views 322 3 1

Asymmetric Routing issue-Checkpoint

Dear Experts, I need advice on the below: Attached is a network diagram for one requirement; the “maroon color” line is the outgoing traffic and the “green” color is the return traffic. In the network diagram, the right-hand-side firewall is the Check Point firewall. As per the network flow, the outgoing traffic flows via the Check Point firewall, and when it comes back, it does not hit the Check Point firewall. It looks like the traffic will be asymmetric. Just checking whether Check Point can handle such asymmetric traffic and whether there are any provisions to cater for the same. Thanks,
jijotms0511 inside SandBlast Network 3 weeks ago
views 217 1 1

OSPF configuration with a different area

Hi Experts, for the Check Point OSPF config, if we need to use a different area other than the default area, area0, can we create it under the area section and call it directly? Do we need to disable the backbone area if we need to call a new area like 20 in the OSPF config? This is for an R80.10 config on Check Point hardware. Thanks, Jijo
Rabindra_Khadka inside SandBlast Network 2019-12-26
views 256 1 2

Threat Extraction: Error Disk Limit Reached

Please, does anyone know about this? Please help us!
Suresh_Kumar_K inside SandBlast Network 2019-12-25
views 8180 4 4

Sandblast appliance Downgrade from R80.10 to R77.30

Can we downgrade from R80.10 to R77.30? If so, can I downgrade directly..
keydee inside SandBlast Network 2019-12-21
views 292 2 1

HTTPS Inspection of Traffic Flow - HTTPS, FIREWALL AND IPS

We have enabled HTTPS inspection covering IPS, IDS, antibot and antivirus. What should appear first in the traffic rule in the firewall? I ask because I normally see HTTPS inspection, then firewall, then IDS. Could you kindly provide an idea of how to carefully analyze these? Which blade should appear first on the traffic, that's my concern.
Yoav_Lasman
inside SandBlast Network 2019-12-11
views 401 1
Employee+

Periodic Security Report Early Availability - Join Now!!

What is Check Point’s Periodic Security Report?

A periodic email notification summarizing the malicious email and web campaigns against your organization that were prevented by Check Point.

The report includes:
- Number of prevented malicious files
- Significant email and web campaigns and their respective malware family
- Recently introduced Threat Prevention features

Why should I join this EA program?
- Stay up to date with the latest attacks that targeted your organization
- Easily visualize and report the work of your security team to your management
- You will get a sneak peek into the feature
- You will be able to influence the development and direction of the feature
- You will help accelerate the feature’s general availability

If you’re interested in participating in the early availability stage, drop me a mail at yoav@checkpoint.com
GGiorgakis inside SandBlast Network 2019-12-10
views 303 5

Can you manually block url through ANTI-BOT?

Can you manually block url through ANTI-BOT?
GGiorgakis inside SandBlast Network 2019-12-10
views 212 1

How to bypass .kmz file extension from Threat emulation

How to bypass .kmz file extension from Threat Emulation?
Gregory_Link inside SandBlast Network 2019-12-06
views 256 1

Looking for clarification on Threat Emulation Custom Password Configs

We are looking to create a custom password list using the SK below based on intel and active threats we've seen. What I'm having trouble understanding though is why we need to add phrases as well given that threat emulation already knows what inbound emails to look at based on the extensions you have defined. What value do we get out of this? https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk112821
SANDEEP_DEGAONK inside SandBlast Network 2019-12-05
views 230 1

Regarding retrieving of encrypted documents traversing through MTA

We intend to block all encrypted attachments with the Check Point Threat Extraction blade and send notifications to end users about the same. Before enabling this, we need to confirm whether we will be able to retrieve and forward an encrypted attachment to the intended recipient upon receiving such requests from end users.
Jaspreet_Singh_
inside SandBlast Network 2019-11-22
views 335 3
Employee

Files extensions for threat emulation missing

Hi, I am working on a case wherein we are demonstrating the capabilities of our Threat Emulation. We are running an R80.10 Gateway managed by an R80.20 Management Appliance. A trial NGTX license has been applied on the Gateway, and for some reason I am only seeing 7 file extensions being supported for Threat Emulation. I have verified that the license is correctly applied and the contracts have been successfully attached. Both the Management Server and the Gateway are connected to the Internet and are being regularly updated. Any updates on how to proceed will be highly appreciated. NOTE: It is a live network that has been running for the last 1 year with an NGTP license. Regards, Jaspreet Singh
Arth inside SandBlast Network 2019-10-26
views 234 1

Automatically sync AD with SmartEndpoint R80.20

Hello everyone, I currently have a problem with a customer where the Active Directory does not automatically sync with their SmartEndpoint R80.20. Users created after the setup do not appear in the Users and Computers tab. I found sk102656, which says that the issue was fixed with the R80.10 update, but it does not seem to work for them. So before going too far, I'd like to know:
- If I go through the "Express Setup Wizard" again by linking the AD to the SmartEndpoint, will it work without any issue (OU or account duplication, for example)?
- Can I roll back the changes if anything goes wrong?
Thanks for your answers 🙂
yudha_spt inside SandBlast Network 2019-10-11
views 373 1

Asymmetric Routing causing network slow and MTA issue

Hi CheckMates,

Conditions based on the topology (single TE1000X, with 4-port bypass interface & 1 LACP MTA port), please refer to the images below:
1. All 3 switches are in L3 mode with OSPF equal cost, meaning traffic will be asymmetric. We cannot use link bonding.
2. The anti-spam is positioned in the DMZ, and the mail server in the DC.

I have 2 problems:
1. Regarding condition 1 above, when we put the TE in bridging mode we found 3 (three) logs that we suspect are causing the network to be slow.
- TCP packet out of state First packet isn't Sync
- TCP segment out of maximum allowed sequenced. Packet dropped.
- ICMP reply does not match a previous request
2. Traffic from the anti-spam to the mail server is already inspected by the bridged interfaces instead of the MTA.

Action:
1. I already disabled TCP packet out of state First packet isn't Sync in Global Properties and expert mode. The log no longer shows it after that.
2. I already allowed TCP segment out of maximum allowed sequenced in the inspection settings. But the log still shows these messages.
3. We also already disabled ICMP reply does not match a previous request in Global Setting and expert mode, but the log still shows these messages too.

Could anybody please give me suggestions for:
1. How to deploy this TE in bridge mode with this condition?
2. How to bypass SMTP traffic from the anti-spam to the mail server in bridged mode, because when there is double-checking by Threat Emulation the traffic will be dropped. Or is there any best practice for this condition?

Thank you CheckMates.