Justoe
Explorer

Threat Emulation Topology

Hi Everyone,

May I please have a detailed threat emulation topology that I can use as a guide to deploy a TE appliance for an in-line remote emulation deployment? I need a topology which shows the recommended wiring and highlights the traffic flow, showing how the gateway sends the traffic to the TE appliance for emulation and how the TE appliance returns the traffic to the security gateway.

0 Kudos
4 Replies

Can you please clarify the environment? Remote and in-line imply different deployment scenarios. There are also hybrid deployment possibilities.

Specifically, which device is harvesting the files, i.e. is the security gateway configured as the termination point for both Web & MTA flows, which in turn will pass to TE for detonation/analysis?

sk114806 - ATRG: Threat Emulation

0 Kudos
Justoe
Explorer

Hi Chris,

Thanks for your response. The attached is the topology I'm trying to implement; however, the challenge I'm facing is that the Check Point documentation I have come across so far is only at a high level and does not give a low-level guide on how to cable the equipment, prepare the routing and deploy the policies. I have a TE100X appliance that I want to use for remote emulation.

0 Kudos
the_rock
Champion

I have not worked with these appliances recently, but let me see if I can find notes I took when I helped a customer a few years ago with it. Here is something basic for now:

https://sc1.checkpoint.com/documents/TE100X_250X_GSG/html_frameset.htm?topic=documents/TE100X_250X_G...

0 Kudos

Cabling - minimal, possibly only a single cable, unless you need to attach to multiple switches for redundancy using a bond or have a specific management network.

Routing - minimal, possibly only a single IP & default route, depending on customer requirements for how the appliance should be managed and the communication path needed to reach the security gateway.

Refer also: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/...

0 Kudos