It looks like it is random, as per the documentation.
I also thought that it was first to respond but I think we've confused the Policy Server and Super Node solutions.
It's a good question because if you had all three cities' Super Nodes in all the relevant Client Settings > Rules > Super Nodes > Assigned Super Nodes then I would assume it is random, as per the documentation, which is counter to the advantage of Reduced site bandwidth usage.
That would put the responsibility on the administrator to configure Client settings rules for each site and group the machines, but then you could either exclude Super Nodes for the mobile users or need to include all Super Nodes for all users and see some clients on one site actually using the Super Node on another site, assuming your scenario of all endpoints having visibility of all three Super Nodes.
I guess the questions are:
- How does Check Point actually do it (randomly it seems, based on rules with more than one Super Node)?
- How does it work in a multi-site deployment with full connectivity across sites?
- How often does that happen?
- How many users do you have that will roam regularly between sites?
- Is there a manual configuration option for the case of just a few roaming clients?
- Is there an access control solution that can control access to the Super Nodes, if that extra work (workaround) can be part of a possible solution?
What is a Super Node?
A Super Node is a Windows device running a specially configured Endpoint Security Client that also has server-like and proxy-like capabilities, and which listens on port 4434 and port 3128 to proxy by default. Super Node is a light-weight proxy (based on NGINX) that allows admins to reduce their bandwidth consumption and enable offline updates, where only the Super Node needs connectivity to the update servers.
Super Node Workflow
When a device is assigned as a super node and has the supported blades installed, it downloads signatures from the sources defined in the policy and stores a local copy. This local copy serves as the signature source for other Endpoint Security Clients.
When an Endpoint Security Client initiates an update, it follows this process:
- The Endpoint Security client checks for the latest signatures from a randomly selected super node listed in the Client Settings > General policy.
- If the update fails with the chosen super node, the Endpoint Security client attempts the update with another super node in the list.
- If the update fails with all the super nodes listed in the General Client Settings policy, the Endpoint Security client will update directly from the sources specified in the policy.
Primary Advantages:
- Reduces site bandwidth usage.
- Reduces server workload.
- Reduces customer expense on server equipment, as there is no need for a local appliance.
- Improved scale.
https://support.checkpoint.com/results/sk/sk171703
When an Endpoint Security client launches an update, it first checks the "Common Client Settings" policy for a "Super Node" list. If such a list is found, a random Super Node is selected for update. If update of the selected node fails, the next entry is taken from the list. Sources defined in the Anti-Malware policy are only used if all the Super Node options have failed.
Starting with E85.30, the client uses the "Super Node List" global policy, when it is available on the server, in combination with the "Common Client Settings" policy to determine whether the current computer is a Super Node or whether it should use one of the configured "Super Nodes" as a download location for supported file types.
Note: An update is considered to be successful if the local signatures are newer than the remote signatures. Make sure all Super Nodes are continuously updated. Policy and Software Deployment features in E85.30 and newer Endpoint Security clients require a connection to the Endpoint Manager to process sync requests regarding policy and software deployment changes.
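The following model of the documented selection order (random Super Node, then the other entries, then the policy sources) is an added example, not part of the post above and not Check Point code. It estimates how often a client at one site is served from off-site when all three sites' Super Nodes are in one rule versus a per-site rule. The node names, the site map and the wrap-around reading of "next entry" are assumptions.

```python
import random
from collections import Counter

POLICY_SOURCES = "policy-sources"  # stands for the update sources defined in the policy

def pick_update_source(super_nodes, reachable, rng):
    """One client update: random Super Node first, then the rest of the list,
    and the policy sources only when every listed Super Node has failed."""
    if not super_nodes:
        return POLICY_SOURCES
    start = rng.randrange(len(super_nodes))
    # Assumption: "next entry" means list order, wrapping around from the random start.
    for offset in range(len(super_nodes)):
        node = super_nodes[(start + offset) % len(super_nodes)]
        if node in reachable:
            return node
    return POLICY_SOURCES

def cross_site_share(client_site, site_of, super_nodes, reachable, updates=10_000, seed=1):
    """Fraction of updates served from outside the client's own site, plus the
    per-source counts. The policy sources count as off-site."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    used = Counter(pick_update_source(super_nodes, reachable, rng) for _ in range(updates))
    off_site = sum(n for src, n in used.items() if site_of.get(src) != client_site)
    return off_site / updates, used

# Constructed sample: three sites with one Super Node each (names are made up).
SITE_OF = {"sn-a": "A", "sn-b": "B", "sn-c": "C"}
ALL_NODES = list(SITE_OF)

if __name__ == "__main__":
    up = set(ALL_NODES)
    scenarios = {
        "one rule, all three Super Nodes": (ALL_NODES, up),
        "per-site rule, local Super Node only": (["sn-a"], up),
        "per-site rule, local Super Node down": (["sn-a"], up - {"sn-a"}),
        "one rule, local Super Node down": (ALL_NODES, up - {"sn-a"}),
    }
    for name, (nodes, reachable) in scenarios.items():
        share, used = cross_site_share("A", SITE_OF, nodes, reachable)
        print(f"{name}: {share:.0%} off-site, sources={dict(used)}")
```

With one shared rule, roughly two thirds of a site-A client's updates leave the site, while a per-site rule keeps them local until the local Super Node fails and the client falls back to the policy sources.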