This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Kavan
Advisor
‎2024-09-24 05:14 AM
Jump to solution

TE on gateway sandblast in local mode

Hi,

Rather than buying a dedicated on prem appliance for sandblast, we're considering buying the overall TE package so it runs on ALL or a subset of our gateways.   Is there a way to get the code under our control?   IOW, Is there a way to turn OFF sandblast from sending data to the cloud and checking it locally?   Is there a way for it only to scan/check/sandblast files that WE send it with an api call.  IOW, can we purcahse the TE package for all our gateways and use it in a very controlled limited way?  For one, we want to turn it OFF from the cloud and run it on our own gateway locally.  2. we want to ensure that all files aren't running thru it so we don't get overwhelmed with CPU performance we want to ensure its turned OFF from the gw using it for files in general.   We just want to use it in a VERY controlled way, by sending ONE request at a time thru an api call to check/scan/sandblast/sandbox one file as we call it and we'd want each gw to use it locally not sending file thru the cloud.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-09-25 11:38 AM
Jump to solution

If you want to do threat emulation on prem, you need to purchase one or more Threat Emulation appliances.
These are specific appliances dedicated to Threat Emulation functions different from your existing gateways.
Your other Check Point gateways can use these local appliances for emulation instead of the cloud.
You can also submit requests to the Threat Emulation appliances via REST API.

View solution in original post

8 Replies
G_W_Albrecht
Legend Legend
Legend
‎2024-09-24 05:29 AM
Jump to solution

Use on prem appliance for sandblast and all is possible that you want!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Chris_Atkinson
Employee Employee
Employee
‎2024-09-24 06:35 AM
Jump to solution

There are two relevant solutions worth discussing further with your local SE.

1. Dedicated TE appliances

2. Private Threat Cloud

CCSM R77/R80/ELITE
0 Kudos
Daniel_Kavan
Advisor
‎2024-09-24 06:53 AM
In response to Chris_Atkinson
Jump to solution

If it's possible to discuss the differences here, between a dedicated TE appliance and private threat cloud that would be helpful.   Private threat cloud looks like it runs on a dedicated manager.  And the TE appliance is a gw.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-09-24 07:14 AM
In response to Daniel_Kavan
Jump to solution

TE appliance is configured like a GW, but can be used with one active leg in the internal network only to test files using api commands instead of TE blade.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-09-24 07:15 AM
In response to Daniel_Kavan
Jump to solution

The each addresses a different part of your requirement but potentially are leveraged together depending on the scale and complexity of the environment.

In general remote / dedicated TE appliances are probably the correct fit since you cannot run TE locally on the gateway itself in the manner described. sk140212 & sk114806 discuss deployment options & license considerations. 

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor
‎2024-09-24 07:58 AM
In response to Chris_Atkinson
Jump to solution

It does seem to be supported to just buy the TE blade for a current gw, run it in local mode,  and hit it with api calls.  Per sk114806

Security Gateway in Gateway mode

  • ThreatCloud emulation

    • Only Gaia OS / SecurePlatform OS / X-Series XOS are supported

  • Local emulation

    • Only Gaia OS running kernel 64-bit is supported

  • Remote emulation:

    • Only Gaia OS and SecurePlatform OS are supported
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-09-24 08:36 AM
In response to Daniel_Kavan
Jump to solution

Where does it say that this doesn't involve a cloud element?

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-25 11:38 AM
Jump to solution

If you want to do threat emulation on prem, you need to purchase one or more Threat Emulation appliances.
These are specific appliances dedicated to Threat Emulation functions different from your existing gateways.
Your other Check Point gateways can use these local appliances for emulation instead of the cloud.
You can also submit requests to the Threat Emulation appliances via REST API.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events