Daniel_Kavan
Advisor

TE2000 private cloud

 

Hi mates,

I'm trying to set up a gateway for local sandboxing. I'm looking for helpful sk links. So far, I haven't found anything helpful to ensure I have this gateway running as a local private cloud and NOT checking in with threatcloud. The following sks are just dealing with performance.

 

sk93000 SMT

sk107333 Support for CPU Level sandboxing

 

0 Kudos
11 Replies
Daniel_Kavan
Advisor

I'm getting access denied on some of these.

- sandblast poc [guide] [ link removed by admin ]
- checkmates Best Practices for Threat Prevention API Calls to [Appliance](https://community.checkpoint.com/t5/Security-Gateways/Best-Practices-for-Threat-Prevention-API-Calls...)
  - shows curl **request to the sandblast appliance**:18194 !!
  - https://<appliance IP address>:18194/tecloud/api/v1/…
  - sequence
    - query
      - hash found or not found
      - individual and combined results
      - can specify specific image(s)
    - upload
      - hash, file, content, timeout may be specified
    - query for status
      - benign or malicious for each image specified
    - download
      - base64 encoded .gz file
      - base64 decode to tar.gz, unzip and untar to html report
- Threat Emulation Appliances: TE100X, TE250X, TE1000X, TE2000X ([SandBlast](https://support.checkpoint.com/results/sk/sk106210))
  - multiple links at bottom
- Threat Emulation Sizing Mode: how to measure the required inspections of an [organization](https://support.checkpoint.com/results/sk/sk93598)
- Check Point TE100X and TE250X Appliances Getting Started [Guide](https://sc1.checkpoint.com/documents/TE100X_250X_GSG/html_frameset.htm)
- Intel Virtualization Technology (VT) support compliance on Check Point [appliances](https://support.checkpoint.com/results/sk/sk92374)
- Threat Prevention API for Security [Gateway](https://support.checkpoint.com/results/sk/sk137032)
  - POST request to the following URL: https://**<GW_IP>**/UserCheck/TPAPI
- Threat Prevention API Reference [Guide](https://sc1.checkpoint.com/documents/TPAPI/CP_1.0_ThreatPreventionAPI_APIRefGuide/html_frameset.htm)
- New Threat Emulation [reports](https://support.checkpoint.com/results/sk/sk120357)
  - general status, advanced forensics chart and table, emulation
- github appliance_[tpapi](https://github.com/CheckPointSW/appliance_tpapi/tree/master/tp_api)
- swaggerhub appliance-tp-direct-[api](https://app.swaggerhub.com/apis/Check-Point/appliance-tp-direct-api/1)
- sandblast appliances data [sheet](https://www.checkpoint.com/downloads/products/ds-sandblast-te100x-250x-te1000x-te2000x-appliances.pd...) (2020)

0 Kudos
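The download step in the notes above (base64 decode to tar.gz, then untar to the HTML report), as an added example that is not part of the original post and not Check Point code. The response body is constructed inline, `build_sample_download` and `extract_report` are hypothetical names, and the size cap is an assumption. Because the archive derives from analysis of an untrusted file, entries are checked before being written to disk.

```python
import base64
import io
import tarfile
from pathlib import Path, PurePosixPath

MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed per-file cap, tune to your reports

def build_sample_download() -> str:
    """Constructed stand-in for a download response body (not real appliance output)."""
    buf = io.BytesIO()
    samples = (("report/index.html", b"<html>verdict: benign</html>"),
               ("../escape.html", b"<html>outside dest</html>"))
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in samples:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return base64.b64encode(buf.getvalue()).decode("ascii")

def extract_report(b64_body: str, dest: Path) -> list:
    """Decode a base64 tar.gz report and write only safe regular files under dest."""
    # Tolerate line-wrapped base64, then reject anything outside the alphabet.
    raw = base64.b64decode("".join(b64_body.split()), validate=True)
    if raw[:2] != b"\x1f\x8b":
        raise ValueError("decoded payload is not gzip data")
    dest = dest.resolve()
    dest.mkdir(parents=True, exist_ok=True)
    written = []
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:gz") as tar:
        for member in tar:
            path = PurePosixPath(member.name)
            # Skip links, devices, oversized files and names that leave dest.
            if (not member.isfile() or member.size > MAX_MEMBER_BYTES
                    or path.is_absolute() or ".." in path.parts):
                continue
            target = dest.joinpath(*path.parts)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tar.extractfile(member).read())
            written.append(member.name)
    return written

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(extract_report(build_sample_download(), Path(tmp) / "report_out"))
```
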
Chris_Atkinson
Employee

Daniel_Kavan
Advisor

https://support.checkpoint.com/results/sk/sk149692 Private Threat cloud
Per sk149692 we need an eval license, also, this documentation is for R81.10 - but it looks like a dedicated manager is needed.
CPSB-PTC-3005-SOC-EVAL (unlimited, can only be obtained through an internal order)

0 Kudos
Daniel_Kavan
Advisor

sk14692 indicates R81.20 is not supported.

It looks like a dedicated manager is needed for the TE appliance (private cloud). Can anyone confirm that? Is it supported to run a dedicated manager on the TE appliance rather than a separate manager? Is R81.20 or will R82 be supported on the TE appliance?

0 Kudos
Chris_Atkinson
Employee

PTC is a different use case to a TE appliance used for (remote/inline) emulation on-prem.

The TE ATRG and TP Admin Guide should be sufficient for most scenarios.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin

Just to be clear what we're discussing:

  • On-premise Threat Emulation can be done with a Threat Emulation appliance (TE2000, for example)
  • Not using ThreatCloud for other Threat Prevention functions requires Private ThreatCloud, which is only supported on specific Smart-1 appliances using a specific software image that will host the ThreatCloud data for your gateways. 

Hope that clears things up.

Daniel_Kavan
Advisor

Correct, I'm POC'ing a 2000XN. I'm not using a dedicated manager but my central manager. This will just be used for API calls to it from one Linux server. I don't want the other gateways communicating with it (although they can all see it). I don't want any files going to threatcloud, just staying local. Right now I'm trying to 1. confirm a file can be sandblasted and 2. confirm the blaster has all the latest definitions it needs. I believe this is a local, not remote, configuration. While the public cloud documentation says a dedicated manager is needed, maybe it's not for a local TE appliance.

the_rock
Legend

That's right, it's not needed for local TE appliance.

Andy

0 Kudos
Chris_Atkinson
Employee

Simply put PTC isn't necessary unless the TE itself has no ability to download updates from the internet and you need that repository also to be local.

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor

Today, I'm looking for commands to ensure the TE2000:

1. has all the updates & signatures it needs to do its job

2. is NOT sending files to the public threat cloud

3. can successfully scan a file locally

4. has a way for local users to send a file to it for scanning (I know it will thru api), wondering if there is also an easy way thru a website or URL.

0 Kudos
PhoneBoy
Admin

1. https://support.checkpoint.com/results/sk/sk95235 

2. A TE appliance won't send files to the cloud, only an appropriately configured security gateway will.

3. Via the CLI: te_add_file https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/... 

4. Not that I'm aware of. 

0 Kudos
