Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Niels_van_Sluis
Contributor

F5 BIG-IP ICAP and SandBlast (TEX)

Enable SandBlast ICAP server

Login to export mode and start the ICAP server on the TEX appliance or security gateway.

[Expert@cp-fw-01:0]# icap_server start
cpwd_admin:  Process CICAP started successfully (pid=31792) 
[Expert@cp-fw-01:0]#

Check if the ICAP processes are running.

[Expert@cp-fw-01:0]#  ps -def |grep icap admin    
31792  4631  0 19:19 ?        00:00:00 c-icap -N -f /opt/CPsuite-R77/fw1/c-icap/etc/c-icap.conf admin   
31813 31792  0 19:19 ?        00:00:00 c-icap -N -f /opt/CPsuite-R77/fw1/c-icap/etc/c-icap.conf admin   
31820 31792  0 19:19 ?        00:00:00 c-icap -N -f /opt/CPsuite-R77/fw1/c-icap/etc/c-icap.conf admin   
31826 31792  0 19:19 ?        00:00:00 c-icap -N -f /opt/CPsuite-R77/fw1/c-icap/etc/c-icap.conf admin   
31931 31651  0 19:20 pts/1    00:00:00 grep icap
[Expert@cp-fw-01:0]#

Enable ICAP logging.

[Expert@cp-fw-01:0]# tecli advanced remote emulator logs enable 
remote emulator logs set to enabled successfully
[Expert@cp-fw-01:0]#

Also make sure that your firewall rules allow access to the ICAP server port 1344/TCP on the TEX appliance or security gateway.

Please note that Jumbo Hotfix Accumulator Take_286 or higher for R77.30 should be used.

More information can be found in sk111306: Check Point support for Internet Content Adaptation Protocol (ICAP) server 

Prepare the F5 BIG-IP

Download the f5.checkpoint_sandblast_icap iApp template from the link below. This is an iApp template that creates ICAP related elements (nodes, pool, internal virtual server, profiles). The newly created request and response adapt profiles can be used by standard virtual servers so they can interact with a Check Point SandBlast ICAP Server.

GitHub - nvansluis/f5.checkpoint_sandblast_icap: iApp template to integrate F5 BIG-IP with Check Poi... 

  • Login to the Configuration Utility and Import the iApp template: iApps > Templates > Import.

Import the iApp template

  • Deploy a new application by using the iApp: iApps > Application Services > Applications > Create.

Deploy a new application by using the iApp template

  • Click Finished to deploy the iApp. You will see the components that have been configured.

Overview of components being created by the iApp

  • You can now use the newly created Request and Response Adapt profiles and attach them to a Virtual Server that has been configured with a HTTP profile.

You can now use the created Request and Response Adapt profiles on a Virtual Server

Testing Check Point SandBlast

Below you'll see some screenshots of what happens when a user attempts to upload or download malicous files.

Malicious uploads

  • Upload a file that triggers Threat Emulation (Zero-Day Protection).

Upload malicious file

  • The upload of this malicious file is prevented by Check Point SandBlast.

Upload prevented

  • Here you can see the log message that is created by Check Point.

Log message

Malicious downloads

  • A user tries to download a malicious file.

User tries to download a malicious file

  • The download of a malicious file is prevented by Check Point SandBlast.

download prevented

  • Below of an example what log message is created by Check Point.

Log message

13 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events