This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Justoe
Explorer
‎2022-04-11 12:04 PM

Threat Emulation Topology

Hi Everyone,

May i please have a detailed threat emulation topology that i can use as a guide to deploy a TE appliance for an in-line remote emulation deployment. I need a topology which shows the recommended wiring and highlights the traffic flow showing how the gateway send the traffic to the TE appliance for emulation and how the TE appliance returns the traffic to the security gateway.

0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-04-12 05:20 AM

Can you please clarify the environment, remote and in-line imply different deployment scenarios. There are also hybrid deployment possibilities.

Specifically which device is harvesting the files i.e. is the security gateway configured as the termination point for both Web & MTA flows which in turn will pass to TE for detonation/analysis?

sk114806 - ATRG: Threat Emulation

 

 

 

 

CCSM R77/R80/ELITE
0 Kudos
Justoe
Explorer
‎2022-04-13 09:18 AM
In response to Chris_Atkinson

Hi Chris,

Thanks for your response. The attached is the topology I'm trying to implement, however the challenge I'm facing is that the Checkpoint documentation I have come across so far, is only at a high level and does not give a low level guide on how to cable the equipment, prepare the routing and deploy the policies. I have a TE100X appliance that I want to use for remote emulation.

Sample_Remote_Deployment.png
Preview file
120 KB
0 Kudos
the_rock
Legend
Legend
‎2022-04-13 09:39 AM
In response to Justoe

I have not worked with these appliances recently, but let me see if I can find notes I took when I helped customer few years ago with it. Here is something basic for now:

https://sc1.checkpoint.com/documents/TE100X_250X_GSG/html_frameset.htm?topic=documents/TE100X_250X_G...

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-04-13 05:35 PM
In response to Justoe

 

Cabling - minimal possibly only a single cable, unless you need to attach to multiple switches for redundancy using a bond or have a specific management network.

Routing - minimal possibly only a single IP & default route depending on customer requirements for how the appliance should be managed and the communication path needed to reach the security gateway.

Refer also: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/...

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    Top