Hello,
I would appreciate it if the community could comment on or correct me regarding the following environment I'm about to set up.
I'm currently going through the instructions to set up a Threat Prevention API on SandBlast Appliances environment.
The environment will consist of:
1 API client (mail protection system acting as an MTA and API client)
1 Load Balancer
1 Security Management
2 x TE2000XN
I gathered all the information available to me from Check Point's sources, and this is my understanding of how I should proceed with this setup:
1) Stage the TE2000XN appliances: patching, Gaia configuration, etc.
2) Add both TE2000XN appliances to the Security Management
3) Enable the Threat Emulation and Threat Extraction blades
I don't really need the Threat Extraction blade, but from what I've read I think I need to enable this blade in order to activate the Threat Prevention API through SmartConsole and generate an API key that will be located in /opt/CPUserCheckPortal/phpincs/conf/TPAPI.ini
Source: sk137032 and sk113599
4) Define a threat prevention policy to be installed in both TE appliances named Recommended_Profile
Source: sk113599
This profile should allow me to define which OSs are used for emulation, file emulation limits and other settings.
5) Enable Threat Emulation API logs to SmartLog with the command:
[Expert@HostName:0]# tecli advanced remote emulator logs enable
Source: sk163998
Afterward, the load balancer will make sure the API client sessions are distributed between the two TE appliances.
This is a summary of the steps I'm thinking of following, and I would very much appreciate hearing whether I'm on the right track or whether I'm misinterpreting some steps based on the sources I consulted.
Thank you for any tips and pointers in the right direction.
PM
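As an added illustration (not code from the post above or from Check Point), here is a minimal Python client doing the hash lookup that a mail gateway acting as API client would send through the load balancer to the TE2000XN pair, and turning the answer into a deliver/hold/upload decision. The endpoint path, the Authorization header and the response field names are my assumptions from the public Threat Prevention API reference; the load balancer hostname, hash and sample responses are constructed.

```python
import json
import urllib.request

# Constructed values: the load balancer hostname is a placeholder; the API key
# path is the one named in the post (the key is generated there and copied to
# the client out of band). The endpoint path, Authorization header and response
# field names are assumptions from the public Threat Prevention API reference.
LB_HOST = "te-lb.example.internal"
API_KEY_FILE = "/opt/CPUserCheckPortal/phpincs/conf/TPAPI.ini"
QUERY_URL = f"https://{LB_HOST}/tecloud/api/v1/file/query"


def build_query(md5: str, file_name: str = "") -> dict:
    """Request body asking only for the Threat Emulation (te) feature for one hash."""
    return {"request": {"md5": md5, "file_name": file_name, "features": ["te"]}}


def classify(response: dict) -> str:
    """Map a query response to an MTA decision:
    malicious / benign / pending / unknown / error."""
    r = response.get("response", {})
    label = r.get("status", {}).get("label", "")
    if label == "PENDING":
        return "pending"    # emulation still running: poll again later
    if label == "NOT_FOUND":
        return "unknown"    # hash never emulated: the client must upload the file
    if label != "FOUND":
        return "error"      # any other status: fail closed rather than deliver
    verdict = r.get("te", {}).get("combined_verdict", "").lower()
    return verdict if verdict in ("malicious", "benign") else "error"


def query_hash(md5: str, api_key: str, timeout: int = 10) -> dict:
    """POST the query through the load balancer, which spreads sessions over the
    two TE2000XN appliances; assumes the LB presents a certificate the client trusts."""
    req = urllib.request.Request(
        QUERY_URL, data=json.dumps(build_query(md5)).encode(),
        headers={"Authorization": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample responses so the decision logic runs without an appliance.
SAMPLE_FOUND = {"response": {"status": {"label": "FOUND"},
                             "md5": "d41d8cd98f00b204e9800998ecf8427e",
                             "te": {"combined_verdict": "Malicious"}}}
SAMPLE_PENDING = {"response": {"status": {"label": "PENDING"}}}
SAMPLE_MISSING = {"response": {"status": {"label": "NOT_FOUND"}}}
```

In production, `query_hash()` replaces the sample dictionaries, and an "unknown" result is the cue to upload the attachment for emulation before deciding on delivery.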