Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Kavan
Advisor
Jump to solution

TE on gateway sandblast in local mode

Hi,

Rather than buying a dedicated on prem appliance for sandblast, we're considering buying the overall TE package so it runs on ALL or a subset of our gateways.   Is there a way to get the code under our control?   IOW, Is there a way to turn OFF sandblast from sending data to the cloud and checking it locally?   Is there a way for it only to scan/check/sandblast files that WE send it with an api call.  IOW, can we purcahse the TE package for all our gateways and use it in a very controlled limited way?  For one, we want to turn it OFF from the cloud and run it on our own gateway locally.  2. we want to ensure that all files aren't running thru it so we don't get overwhelmed with CPU performance we want to ensure its turned OFF from the gw using it for files in general.   We just want to use it in a VERY controlled way, by sending ONE request at a time thru an api call to check/scan/sandblast/sandbox one file as we call it and we'd want each gw to use it locally not sending file thru the cloud.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

If you want to do threat emulation on prem, you need to purchase one or more Threat Emulation appliances.
These are specific appliances dedicated to Threat Emulation functions different from your existing gateways.
Your other Check Point gateways can use these local appliances for emulation instead of the cloud.
You can also submit requests to the Threat Emulation appliances via REST API.

View solution in original post

8 Replies
G_W_Albrecht
Legend Legend
Legend

Use on prem appliance for sandblast and all is possible that you want!

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Chris_Atkinson
Employee Employee
Employee

There are two relevant solutions worth discussing further with your local SE.

1. Dedicated TE appliances

2. Private Threat Cloud

CCSM R77/R80/ELITE
0 Kudos
Daniel_Kavan
Advisor

If it's possible to discuss the differences here, between a dedicated TE appliance and private threat cloud that would be helpful.   Private threat cloud looks like it runs on a dedicated manager.  And the TE appliance is a gw.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

TE appliance is configured like a GW, but can be used with one active leg in the internal network only to test files using api commands instead of TE blade.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee

The each addresses a different part of your requirement but potentially are leveraged together depending on the scale and complexity of the environment.

In general remote / dedicated TE appliances are probably the correct fit since you cannot run TE locally on the gateway itself in the manner described. sk140212 & sk114806 discuss deployment options & license considerations. 

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor

It does seem to be supported to just buy the TE blade for a current gw, run it in local mode,  and hit it with api calls.  Per sk114806

Security Gateway in Gateway mode
  • ThreatCloud emulation

    • Only Gaia OS / SecurePlatform OS / X-Series XOS are supported
  • Local emulation

    • Only Gaia OS running kernel 64-bit is supported
  • Remote emulation:

    • Only Gaia OS and SecurePlatform OS are supported
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Where does it say that this doesn't involve a cloud element?

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin

If you want to do threat emulation on prem, you need to purchase one or more Threat Emulation appliances.
These are specific appliances dedicated to Threat Emulation functions different from your existing gateways.
Your other Check Point gateways can use these local appliances for emulation instead of the cloud.
You can also submit requests to the Threat Emulation appliances via REST API.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events