This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
r31N3r
Participant
‎2023-03-15 05:57 AM
Jump to solution

What frequency to CWS

Hello,

Can me anyone tell what is the correct frequency  a cluster-(ip) should connect to  http://cws.checkpoint.com/Malware/malware/6.0?  or  http://cws.checkpoint.com/AntiVirus/antivirus/2.0? ?  In our environment , AV and Antibot enabled, it seems to be a streaming connection. Is this O.K.?

Thank you for your replies in advance

Reiner

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin
‎2023-03-15 09:01 AM
In response to r31N3r
Jump to solution

This is normal, AV/AB/IPS are in constant communication with the ThreatCloud. 

View solution in original post

(1)
PhoneBoy
Admin
Admin
‎2023-03-15 11:35 AM
Jump to solution

If AV/AB are enabled, calls to those URLs and others listed in sk83520 are to be expected relative to the traffic the gateway is seeing.
It's expected behavior.

View solution in original post

(1)
7 Replies
the_rock
Legend
Legend
‎2023-03-15 07:23 AM
Jump to solution

Might be worth TAC case to confirm this...excellent question by the way @r31N3r 

0 Kudos
G_W_Albrecht
Legend
Legend
‎2023-03-15 07:56 AM
In response to the_rock
Jump to solution

Confirm what ? He did not present any answer that can be confirmed, but only a question still not answered by anyone 😉

I would  go for 12h.

CCSE CCTE CCSM SMB Specialist
0 Kudos
the_rock
Legend
Legend
‎2023-03-15 08:01 AM
In response to G_W_Albrecht
Jump to solution

Confirm answer to his question 😇

0 Kudos
G_W_Albrecht
Legend
Legend
‎2023-03-15 07:55 AM
Jump to solution

What do you mean by frequency ? How often per week / day you connect and update  ? This can be selected according to your prefered interval. sk83520 - How to verify that Security Gateway and/or Security Management Server can access Check Poi...

CCSE CCTE CCSM SMB Specialist
0 Kudos
r31N3r
Participant
‎2023-03-15 08:15 AM
In response to G_W_Albrecht
Jump to solution

We set in the SmartDashboard "Traditional Anti-Virus"  120min and "Proxy1".

On "Proxy 2", set in Global Properties or in Custer Object, the log for cws.checkpoint.com is running like there's no tomorrow.  All states IPS/AV Signature on for the cluster are "green".

 

_Val_
Admin
Admin
‎2023-03-15 09:01 AM
In response to r31N3r
Jump to solution

This is normal, AV/AB/IPS are in constant communication with the ThreatCloud. 

(1)
PhoneBoy
Admin
Admin
‎2023-03-15 11:35 AM
Jump to solution

If AV/AB are enabled, calls to those URLs and others listed in sk83520 are to be expected relative to the traffic the gateway is seeing.
It's expected behavior.

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events