This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Kavan
Advisor
Advisor
‎2024-10-25 05:22 AM
Jump to solution

TE2000 private cloud

 

Hi mates,

I'm trying to set up a gateway for local sandboxing.    I'm looking for helpful sk links.  So, far I haven't found anything helpful to ensure I have this gateway running as a local private cloud and NOT checking in with threatcloud.  The following sks are just dealing with performance.

 

sk93000 SMT

sk107333 Support for CPU Level sandboxing

 

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2024-10-25 08:01 PM
In response to Daniel_Kavan
Jump to solution

Simply put PTC isn't necessary unless the TE itself has no ability to download updates from the internet and you need that repository also to be local.

CCSM R77/R80/ELITE

View solution in original post

11 Replies
Daniel_Kavan
Advisor
Advisor
‎2024-10-25 05:30 AM
Jump to solution

I'm getting access denied on some of these. about:blank#blocked

- sandblast poc [guide] [ link removed by admin ]
- checkmates Best Practices for Threat Prevention API Calls to [Appliance]https://community.checkpoint.com/t5/Security-Gateways/Best-Practices-for-Threat-Prevention-API-Calls...
- shows curl **request to the sandblast appliance**:18194 !!
- https://<appliance IP address>:18194/tecloud/api/v1/…
- sequence
- query
- hash found or not found
- individual and combined results
- can specify specific image(s)
- upload
- hash, file, content, timeout may be specified
- query for status
- benign or malicious for each image specified
- download
- base64 encoded .gz file
- base64 decode to tar.gz, unzip and untar to html report
- Threat Emulation Appliances: TE100X, TE250X, TE1000X, TE2000X ([SandBlast]https://support.checkpoint.com/results/sk/sk106210
- multiple links at bottom
- Threat Emulation Sizing Mode: how to measure the required inspections of an [organization](https://support.checkpoint.com/results/sk/sk93598)
- Check Point TE100X and TE250X Appliances Getting Started [Guide](https://sc1.checkpoint.com/documents/TE100X_250X_GSG/html_frameset.htm)
- Intel Virtualization Technology (VT) support compliance on Check Point [appliances](https://support.checkpoint.com/results/sk/sk92374)
- Threat Prevention API for Security [Gateway](https://support.checkpoint.com/results/sk/sk137032)
- POST request to the following URL: https://**<GW_IP>**/UserCheck/TPAPI
- Threat Prevention API Reference [Guide](https://sc1.checkpoint.com/documents/TPAPI/CP_1.0_ThreatPreventionAPI_APIRefGuide/html_frameset.htm)
- New Threat Emulation [reports](https://support.checkpoint.com/results/sk/sk120357)
- general status, advanced forensics chart and table, emulation
- github appliance_[tpapi](https://github.com/CheckPointSW/appliance_tpapi/tree/master/tp_api)
- swaggerhub appliance-tp-direct-[api](https://app.swaggerhub.com/apis/Check-Point/appliance-tp-direct-api/1)
- sandblast appliances data [sheet](https://www.checkpoint.com/downloads/products/ds-sandblast-te100x-250x-te1000x-te2000x-appliances.pd...) (2020)

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-10-25 06:03 AM
In response to Daniel_Kavan
Jump to solution

Refer also: R81.20 TP Admin Guide https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor
Advisor
‎2024-10-25 06:20 AM
In response to Chris_Atkinson
Jump to solution

https://support.checkpoint.com/results/sk/sk149692 Private Threat cloud
Per sk149692 we need an eval license, also, this documentation is for R81.10 - but it looks like a dedicated manager is needed.
CPSB-PTC-3005-SOC-EVAL (unlimited, can only be obtained through an internal order)

0 Kudos
Daniel_Kavan
Advisor
Advisor
‎2024-10-25 06:32 AM
In response to Daniel_Kavan
Jump to solution

sk14692 indicates R81.20 is not supported.

It looks like a dedicated manager is needed for the TE appliance (private cloud)    Can anyone confirm that?   Is it supported to run a dedicated manager on the TE appliance rather than a separate manager?   Is R81.20 or will R82 be supported on the TE appliance?

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-10-25 06:52 AM
In response to Daniel_Kavan
Jump to solution

PTC is a different use case to a TE appliance used for (remote/inline) emulation on-prem.

The TE ATRG and TP Admin Guide should be sufficient for most scenarios.

 

 

 

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-25 01:25 PM
In response to Daniel_Kavan
Jump to solution

Just to be clear what we're discussing:

  • On-premise Threat Emulation can be done with a Threat Emulation appliance (TE2000, for example)
  • Not using ThreatCloud for other Threat Prevention functions requires Private ThreatCloud, which is only supported on specific Smart-1 appliances using a specific software image that will host the ThreatCloud data for your gateways. 

Hope that clears things up.

Daniel_Kavan
Advisor
Advisor
‎2024-10-25 01:43 PM
In response to PhoneBoy
Jump to solution

Correct, I'm POC'ing a 2000XN.  I'm not using a dedicated manager but my central manager.  This will just be used for API call to it from one linux server.  I don't want the other gateways communicating with it (although they can all see it).  I don't want any files going to threatcloud, just staying local.   Right now I'm trying to 1. confirm a file can be sandblasted and 2. confirm the blaster has all the latest definitions it needs.  I believe this is a local not remote configuration.   While the public cloud documentation says a dedicated manager is needed, maybe it's not for a local TE appliance.

the_rock
Legend
Legend
‎2024-10-25 01:52 PM
In response to Daniel_Kavan
Jump to solution

Thats right, its not needed for local TE appliance.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-10-25 08:01 PM
In response to Daniel_Kavan
Jump to solution

Simply put PTC isn't necessary unless the TE itself has no ability to download updates from the internet and you need that repository also to be local.

CCSM R77/R80/ELITE
Daniel_Kavan
Advisor
Advisor
‎2024-10-28 06:16 AM
In response to Chris_Atkinson
Jump to solution

Today, I'm looking for commands to ensure the TE2000 :

1. has all the updates & signatures it needs to do its job

2. is NOT sending files to the public threat cloud

3. can successfully scan a file locally

4. has a way for local users to send a file to it for scanning (I know it will thru api) wondering if there is aslo an easy thru a website or URL.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-28 02:47 PM
In response to Daniel_Kavan
Jump to solution

1. https://support.checkpoint.com/results/sk/sk95235 

2. A TE appliance won't send files to the cloud, only an appropriately configured security gateway will.

3. Via the CLI: te_add_file https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/... 

4. Not that I'm aware of. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events