quyentv
Explorer

How to set up Sandblast to detect both ICAP and SPAN traffic

Can someone guide me to configure Sandblast to detect both ICAP traffic and SPAN traffic?
When I configure SPAN or ICAP individually, everything works fine, but when I configure both only ICAP works and SPAN doesn't. Currently I am configuring both protocols on an interface.

0 Kudos
2 Replies
_Val_
Admin

Not sure I understand. For ICAP, is your Security Gateway configured as an ICAP client or ICAP server?

Also, you want the same GW to work in both active traffic forwarding and also mirror mode?

0 Kudos
ISHFAQ-MALIK
Explorer

Hello

Can you confirm the below: how have you done the ICAP integration?

1. Do you have a Check Point dedicated appliance?

2. Are you doing ICAP integration between F5 and Sandblast, or between any firewall and Sandblast?

3. Which is the perimeter firewall?

4. How is the flow of your inbound and outbound traffic? (It is compulsory to understand your design.)

Use case 1:

-----------

If you are doing ICAP integration between the Check Point firewall and Sandblast, then enable Threat Extraction and HTTPS Inspection on the firewall and only enable Threat Emulation and Anti-Virus on the Sandblast appliance for both MTA traffic as well as ICAP traffic.

Note: Once you enable the ICAP services on both ways, the SPAN port will not come into the picture. And the ICAP service will not follow the complete web traffic; it will only look into attachments.

Use case 2:

-----------

If you are doing ICAP integration between a 3rd party firewall and Check Point Sandblast, how are you sending the traffic to Sandblast?

Once you revert back, then maybe we can assist you in the proper direction.


0 Kudos
