Can I use the SBA without management server ?How its configuration ?
All Endpoint blades (including SBA) require a management server for deployment and collecting logs.
Which blades will work on SBA if management is not available some time?
Management is definitely required for initial deployment.
Beyond that the blades can operate more or less independent of the management.
Forensics requires access to the management to generate reports.
Many of the blades require Internet access to leverage ThreatCloud.
Antiransomware will work without Internet at all.
All blades will keep working even when disconnected from the management server:
What the management server is really needed for is policy management, licensing, central monitoring and update distribution.
If we use SandBlast appliance, do we need access from the client machines to the Internet, did they just have access to the appliance? How in the given case will the anti-bot work?
The clients need to access the TE appliance or ThreatCloud.
Anti-Bot needs Internet access to look up threat indicators.
We do offer a 'Private ThreatCloud' appliance, which I know our security gateways can use in the "no Internet" use case, but not sure on Endpoint... hopefully Lior Arzi can clarify.
As Dameon mentioned, for TE SBA can work either with the cloud or with a TE appliance, you can configure this in the management.
You do need the cloud for AB (we haven't certified yet 'Private Threat Cloud' appliance with SBA).
Retrieving data ...