How to collect files for emulation
Hi
I understood that it is possible to collect files for the emulator from the Gateway, SPAN port and MTA.
I understood that the MTA takes the role of the Exchange Server.
But I found this slide that shows an Exchange that sends files to the emulator.
I cannot find information that explains whether Exchange Server can send files to the emulator or not.
Thanks for your help.
Giancarlo
Hi,
Let's say you have the following scenario: you have an email gateway where all emails are received and then processed for Antivirus and Antispam or any other rules you may have. The benign ones are then delivered to your email server, i.e. MS Exchange.
The new setup:
Your Check Point Gateway Firewall with the NGTX license gets the MTA role. You need to change the configuration on your Email Gateway to deliver the emails to your CP NGTX FW with the MTA role instead of to your Exchange Server. For emails with attachments, your CP FW will send the attachments to your Threat Emulation appliance (if you have one) or to the Cloud. Once the verdict comes back, your CP FW will send the emails, if benign, to your MS Exchange server.
In short, you are placing your FW with the MTA role in between your current setup. Your FW is then sending the files for scanning to the TE appliance.
Notes:
1) Be careful that the allowed file sizes on your CP MTA are always larger than those on your Email Gateway and Exchange server.
2) When sending out from your organisation you can keep the same setup, i.e. from Exchange to your Email Gateway.
3) It is preferable to have an email gateway in front so it will take all the heavy load first. Remember, your TE is for the files that everything else believes are benign.
Thanks,
Charris
Hi
I understood... I hope...
But in the picture the arrows point to the SandBlast appliance.
I suppose that the traffic in this arrow comes from the Exchange server to the SandBlast appliance directly.
I suppose that it is possible to send traffic directly from the Exchange server to the SandBlast appliance.
But I cannot find documentation that says it is possible to send mail directly from Exchange to the SandBlast appliance.
I don't know. I have a doubt.
Thanks
Giancarlo
Hi,
If your current setup is for your MX records to be your Exchange server, then your Firewall with the NGTX with the MTA role will be your mail server. Then your FW will forward the emails to Exchange. For emails with attachments, the attachments will be sent to the cloud for emulation or to your private appliance.
So in short, you are putting your Firewall with the MTA role in front.
I hope it is more clear.
Charris
