Sandblast - Proxy - HTTPS
We currently run a 2-node VSX cluster w/R77.30 and are looking to implement TE with the gateways forwarding to the ThreatCloud for Emulation.
Our environment uses an Intel web gateway as a forward proxy - so we are trying to understand the options available.
I'm hearing ICAP might be an option - but there isn't really any information about it other than one SK.
I’m just looking for more information on what deployment options might be available.
Basically, what the fix here provides is the ability to turn your gateway into an ICAP server: Check Point support for Internet Content Adaptation Protocol (ICAP) server
This allows your proxy to consult the Check Point Threat Emulation blade on the Security Gateway to determine if the file downloaded is benign or malicious.
It's worth noting that this hotfix, while considered GA, is not integrated into a major release (i.e. not part of R80.10).
You also may have issues applying other hotfixes on top of this release.
Thanks for your response Daemon.
Is this the only supported deployment model in an environment that utilizes a forward proxy?
We were told that running the Sandblast Browser Agent would work - but we haven’t been able to get it functioning correctly with TAC and believe there is a limitation with forward proxy and SBA4B. Correct me if you believe otherwise?
For the above solution I mentioned, yes, that is correct.
SBA4B is a different way to solve the same problem but the client sends the files to ThreatCloud, returning either a “safe” version of the file, the original (if it’s safe), or blocking the download if it is malicious.
I am not aware of any issues with proxies and SBA4B but maybe Lior Arzi or someone on his team can comment.
ICAP Server HF is integrated with the current JHF286.
But I am not sure about support of ICAP HF on VSX.
You can however install a separate CP GW with R77.30 and use ICAP HF there to emulate files in the cloud received from your proxy. So you might give it a try ...
Regards, Thomas
