Re: 1000x implementation issuse

Sagar_Manandhar · ‎2017-10-10

Hi,

I am trying to implement the 1000x appliance. My organization has been using 4600 series appliance as the gateway and using the virtual management server. I have initially made the 1000x as the local threat emulation appliance and the gateway has pointed 1000x as the other threat emulation devices. I have some queries:

While installing the policy I get the error message:

“Threat Prevention requires topology to be defined. At least one internal, one external, and no undefined interfaces are required. Incorrectly defined topology impacts performance and security. Please install both network security and Threat Prevention policy after fixing the topology.”

I have only connect to one interface of 1000x so that it can receive the traffic from the gateway. What may be the cause?

When I see the log of the threat emulation it is empty with no source and destination and when click on the “Update failed: The Security Gateway cannot download the file.The Security Gateway cannot connect to the Internet. We recommend that you check the network connection and proxy settings”

But when I try to reach the internet from cli mode I am being able to ping internet.

How can I determine if the virtual OS are working fine or not.

Snapshot of error attached

Thanks,

Sagar Manandhar

Danny · ‎2017-10-10

1. Your TE Sandblast Appliance is a gateway object and therefore requires to have at least one external and one internal interface defined. I recommend configuring the Mgmt interface with an IP address and define it as internal interface, even when you are not connecting it to a switch. This will solve your verification issue.

2. Your TE security gateway must be able to resolve external DNS properly and connect to Check Point via http / https. Please verifiy all the servers sk83520 lists can be reached. Being able to ping a server on the internet doesn't mean http / https is allowed as well -> Check your firewall rules. If you maintain a web proxy then you'll want to configure your TE appliance to use the proxy.

Related: Offline updates for Threat Emulation images and engine

Sagar_Manandhar · ‎2017-10-11

hi,

i am trying the offline image installation but stuck on the 4th step :

Create needed files for the offline update:

[Expert@HostName:0]# touch /var/log/files_repository/offline_update/enable_update_{0..4}

what i actually need to do??

PhoneBoy · ‎2017-10-11

The Unix command touch creates files that don't exist or updates their timestamp if they are.

That command should do it.

Sagar_Manandhar · ‎2017-10-11

I am the error that the file cannot be emulate.

Sagar_Manandhar · ‎2017-10-11

this issues is solved . i have installed the hotfix for sha-256 update. But the image download is stuck at 57%. what can i do for that.

Sagar_Manandhar · ‎2017-10-12

- Does it effect the inspection flow chain of TE appliance since we are using single external interface for inbound and outbound traffic.And what is the best placement of the TE appliance in a Network, can i get the guideline for the deployment option.

Thomas_Werner · ‎2017-10-27

Hi Sagar,

in general TE works well with one interface as long as you do not use "Protected Scope" based on topology in your Threat Prevention Profiles (use "Incoming and Outgoing" or be sure Topology is set 100% correct).

Deployment options are

1) Inline or attached to a CP GW

2) MTA

3) ICAP

4) API

Regards Thomas

Are you a member of CheckMates?

1000x implementation issuse