Pedro_Madeira
Contributor

Threat Prevention API on SandBlast Appliances

Hello,

I would appreciate it if the community could comment on or correct me regarding the following environment I'm about to set up.

I'm currently going through the instructions to set up a Threat Prevention API on SandBlast Appliances environment.

The environment will consist of:

1 API client (mail protection system acting as an MTA and API client)

1 Load Balancer

1 Security Management

2 x TE2000XN

I gathered all the information available to me from Check Point's sources, and this is my understanding of how I should proceed with this setup:

1) Stage the TE2000XN appliances, patching, Gaia configurations, etc.

2) Add both TE2000XN appliances to the Security Management

3) Enable the Threat Emulation and Threat Extraction blades

I don't really need the Threat Extraction blade, but from what I've read, I think I need to enable this blade in order to activate the Threat Prevention API through SmartConsole and generate an API key that will be located in /opt/CPUserCheckPortal/phpincs/conf/TPAPI.ini

Source: sk137032 and sk113599

4) Define a Threat Prevention policy, named Recommended_Profile, to be installed on both TE appliances

Source: sk113599

This profile should allow me to define which OS are used for emulation, file emulation limits and other settings.

5) Enable Threat Emulation API logs to SmartLog with the command:

[Expert@HostName:0]# tecli advanced remote emulator logs enable

Source: sk163998

Afterward, the load balancers will make sure the API client sessions are distributed among the two TE appliances.

This is a summary of the steps I'm thinking of following, and I would very much appreciate knowing if I'm on the right track or if I'm misinterpreting some steps based on the sources I consulted.


Thank you for any tips and pointers in the right direction.

PM
