This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sagar_Manandhar
Advisor
‎2017-10-10 01:42 AM

1000x implementation issuse

Hi,

 I am trying to implement the 1000x appliance. My organization has been using 4600 series appliance as the gateway and using the virtual management server. I have initially made the 1000x as the local threat emulation appliance and the gateway has pointed  1000x as the other threat emulation devices. I have some queries:

  1.       While installing the policy I get the error message:

“Threat Prevention requires topology to be defined. At least one internal, one external, and no undefined interfaces are required. Incorrectly defined topology impacts performance and security. Please install both network security and Threat Prevention policy after fixing the topology.”

I have only connect to one interface of 1000x so that it can receive the traffic from the gateway. What may be the cause?

 

  1.      When I see the log of the threat emulation it is empty with no source and destination and when click on the “Update failed: The Security Gateway cannot download the file.The Security Gateway cannot connect to the Internet. We recommend that you check the network connection and proxy settings”

But when I try to reach the internet from cli mode I am being able to ping internet.

 

  1.       How can I determine if the virtual OS are working fine or not.

Snapshot of error attached

 

 

Thanks,

Sagar Manandhar

tracker.PNG
Preview file
91 KB
verification.PNG
Preview file
10 KB
0 Kudos
7 Replies
Danny
Champion Champion
Champion
‎2017-10-10 05:17 AM

1. Your TE Sandblast Appliance is a gateway object and therefore requires to have at least one external and one internal interface defined. I recommend configuring the Mgmt interface with an IP address and define it as internal interface, even when you are not connecting it to a switch. This will solve your verification issue.

2. Your TE security gateway must be able to resolve external DNS properly and connect to Check Point via http / https. Please verifiy all the servers sk83520 lists can be reached. Being able to ping a server on the internet doesn't mean http / https is allowed as well -> Check your firewall rules. If you maintain a web proxy then you'll want to configure your TE appliance to use the proxy.

Related: Offline updates for Threat Emulation images and engine

Sagar_Manandhar
Advisor
‎2017-10-11 06:20 AM
In response to Danny

hi,

i am trying the offline image installation but stuck on the 4th step :

Create needed files for the offline update:

[Expert@HostName:0]# touch /var/log/files_repository/offline_update/enable_update_{0..4}

what i actually need to do??

0 Kudos
PhoneBoy
Admin
Admin
‎2017-10-11 10:11 AM
In response to Sagar_Manandhar

The Unix command touch creates files that don't exist or updates their timestamp if they are.

That command should do it.

Sagar_Manandhar
Advisor
‎2017-10-11 09:29 PM
In response to Danny

I am the error that the file cannot be emulate.

0 Kudos
Sagar_Manandhar
Advisor
‎2017-10-11 11:53 PM
In response to Sagar_Manandhar

this issues is solved . i have installed the hotfix for sha-256 update. But the image download is stuck at 57%. what can i do for that.

Sagar_Manandhar
Advisor
‎2017-10-12 09:21 PM
In response to Danny

-  Does it effect the inspection flow chain of TE appliance since we are using single external interface for inbound and outbound traffic.And what is the best placement of the TE appliance in a Network, can i get the guideline  for the deployment option.

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus
‎2017-10-27 06:40 AM
In response to Sagar_Manandhar

Hi Sagar,

in general TE works well with one interface as long as you do not use "Protected Scope" based on topology in your Threat Prevention Profiles (use "Incoming and Outgoing" or be sure Topology is set 100% correct).


Deployment options are 

   1) Inline or attached to a CP GW

   2) MTA

   3) ICAP

   4) API

Regards Thomas

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top