This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
usukhbayar_g
Contributor
‎2025-07-16 01:48 AM

Sharing Threat Emulation Appliance Between Two Security Gateways

We’re currently using a Check Point SandBlast appliance together with our Security Gateway. I’d like to know: is it possible to connect this same SandBlast appliance to another Security Gateway that’s managed by a different Management Server—without giving that team full admin access to our SandBlast?

I saw in the setup guide that the other side needs to create a gateway object and define it as a "TE Appliance." I’m wondering—does doing this give them the same kind of administrative permissions over the appliance that we currently have?

0 Kudos
6 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2025-07-16 02:05 AM

In https://support.checkpoint.com/results/sk/sk113599 we learn that you can use the TE appliance together with a number of Harmony Endpoint Security servers, so sharing should be possible. I would suggest to contact CP TAC to learn how to configure such a deployment! It looks as if only a certificate for TLS is needed but no SIC that would enable administration tasks from SMS.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
usukhbayar_g
Contributor
‎2025-07-16 02:11 AM
In response to G_W_Albrecht

Does it mean configuring SIC between them would enable administration from the another Management server through SmartConsole, therefore configuring TLS is sufficient to work?

G_W_Albrecht
MVP Silver
MVP Silver
‎2025-07-16 02:45 AM
In response to usukhbayar_g

Afaik you can only establish SIC with one SMS ! With SIC established, you have access to the GW/TE appliance by using SMS CLI:

$CPDIR/bin/cprid_util -server <IPv4 Address of appliance> -verbose rexec -rcmd /bin/clish -c "show date"

Seesk101047: How to manage a Security Gateway using the "cprid_util" tool for details!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2025-07-16 09:52 AM

Looking at sk113599 it's only talking about establishing connectivity with Harmony Endpoint and Harmony Browse.
For a Check Point gateway, I assume the appliance has to be SICed to the same management domain.
Not sure how this would work for an externally managed TE appliance (or if this is even supported).

0 Kudos
Josh28
Contributor
‎2025-07-17 02:55 AM

Hello,

Personally I’m using my sandblast with a third-party vendor, as an ICAP server. Maybe someone knows if the Secure Gateways can be configured as a ICAP client?  And then the gateways could declare your sandblast as their Icap server ? It might do the trick.

0 Kudos
_Val_
Admin
Admin
‎2025-07-17 03:24 AM
In response to Josh28

Per documentation, it is indeed possible, see here, for example

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events