- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
We currently run a 2-node VSX cluster w/R77.30 and are looking to implement TE with the gateways forwarding to the ThreatCloud for Emulation.
Our environment uses a Intel web gateway as a forward proxy - so we are trying to understand the options available.
Im hearing ICAP might be an option - but there isn’t really any information about it other than one SK.
I’m just looking for more information on what deployment options might be available.
Basically, what the fix here provides is the ability to turn your gateway into an ICAP server: Check Point support for Internet Content Adaptation Protocol (ICAP) server
This allows your proxy to consult the Check Point Threat Emulation blade on the Security Gateway to determine if the file downloaded is benign or malicious.
It's worth noting that this hotfix, while considered GA, it is not integrated into a major release (i.e. not part of R80.10).
You also may have issues applying other hotfixes on top of this release.
Thanks for your response Daemon.
Is this the only supported deployment model in an environment that utilizes a forward proxy?
We were told that running the Sandblast Browser Agent would work - but we haven’t been able to get it functioning correctly with TAC and believe there is a limitation with forward proxy and SBA4B. Correct me if you believe otherwise?
For the above solution I mentioned, yes, that is correct.
SBA4B is a different way to solve the same problem but the client sends the files to ThreatCloud, returning either a “safe” version of the file, the original (if it’s safe), or block the download if it is malicious.
I am not aware of any issues with proxies and SBA4B but maybe Lior Arzi or someone on his team can comment.
ICAP Server HF is integrated with the current JHF286.
But I am not sure about support of ICAP HF on VSX.
You can however install a separate CP GW with R77.30 and use ICAP HF there to emulate files in the cloud received from your proxy. So you might give it a try ...
Regards Thomas
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY