CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 7 of 7

Thread: Need help to implement the Carbon black through Checkpoint

  1. #1
    Join Date
    2015-03-31
    Posts
    43
    Rep Power
    0

    Default Need help to implement the Carbon black through Checkpoint

    Hi Team,

    We are in a process of implementing the Carbon black Next-Gen Antivirus in our environment. Unlike any anti-virus vendor carbon black doesn't have any centralized management to control the clients. Carbon black sensors will be installed on the individual clients and every client will contact the cloud for downloading the updates. The challenge here is there are no specified static IP address from carbon black to allow on the firewall rule base. So what we need to do is we need to allow the entire Internet-sites in the firewall blade and allowing only the following URL's for communication.
    *.conferdeploy.net
    *.carbonblack.io
    *.confer.net
    Also Carbon black doesn't support ssl inspection so i have to bypass the HTTPS inspection for all the clients.

    We have few servers which are going to internet,where the URL's are unknown so we allowed through it's public IP and opened Any Recognized sites in URL filtering.
    Now it's becoming difficult to control those servers now.

    Can someone share your thoughts on how to deal with this scenario?
    Also can somebody share your experience if you are worked on the carbon black along with checkpoint.

    Firewall and Management are running on Gaia R77.30

  2. #2
    Join Date
    2006-09-26
    Posts
    3,172
    Rep Power
    16

    Default Re: Need help to implement the Carbon black through Checkpoint

    Quote Originally Posted by iamramu92 View Post
    Hi Team,

    We are in a process of implementing the Carbon black Next-Gen Antivirus in our environment. Unlike any anti-virus vendor carbon black doesn't have any centralized management to control the clients. Carbon black sensors will be installed on the individual clients and every client will contact the cloud for downloading the updates. The challenge here is there are no specified static IP address from carbon black to allow on the firewall rule base. So what we need to do is we need to allow the entire Internet-sites in the firewall blade and allowing only the following URL's for communication.
    *.conferdeploy.net
    *.carbonblack.io
    *.confer.net
    Also Carbon black doesn't support ssl inspection so i have to bypass the HTTPS inspection for all the clients.

    We have few servers which are going to internet,where the URL's are unknown so we allowed through it's public IP and opened Any Recognized sites in URL filtering.
    Now it's becoming difficult to control those servers now.

    Can someone share your thoughts on how to deal with this scenario?
    Also can somebody share your experience if you are worked on the carbon black along with checkpoint.

    Firewall and Management are running on Gaia R77.30

    Proxy server

  3. #3
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,492
    Rep Power
    15

    Default Re: Need help to implement the Carbon black through Checkpoint

    Quote Originally Posted by cciesec2006 View Post
    Proxy server
    We have a bingo

  4. #4
    Join Date
    2015-03-31
    Posts
    43
    Rep Power
    0

    Default Re: Need help to implement the Carbon black through Checkpoint

    Unfortunately we do not have a proxy in our environment, if it is there i need not to have an application control and URL filtering enabled on the firewall

  5. #5
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,492
    Rep Power
    15

    Default Re: Need help to implement the Carbon black through Checkpoint

    Quote Originally Posted by iamramu92 View Post
    Unfortunately we do not have a proxy in our environmentl
    So install one. Squid has been free for oh, 20 years or so.

  6. #6
    Join Date
    2015-03-31
    Posts
    43
    Rep Power
    0

    Default Re: Need help to implement the Carbon black through Checkpoint

    Hi Team,

    I have tried checking through proxy. What is happening there is no option to point out the Carbon black sensor (Client side agent) towards the proxy server.
    Is there anymore option i can try?

  7. #7
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,492
    Rep Power
    15

    Default Re: Need help to implement the Carbon black through Checkpoint

    Quote Originally Posted by iamramu92 View Post
    Hi Team,

    I have tried checking through proxy. What is happening there is no option to point out the Carbon black sensor (Client side agent) towards the proxy server.
    Is there anymore option i can try?
    Talk to the vendor. If they are in any way serious about selling this product into Enterprises they will have some way of dealing with this.

    If they are not interested, then why are you using them?

Similar Threads

  1. Checkpoint issue with Carbon-black installation
    By iamramu92 in forum Application Control Blade
    Replies: 0
    Last Post: 2018-04-17, 06:31
  2. cluster member gateway black icon in smart dashboard
    By carl_t in forum Advanced Networking & Clustering Blade
    Replies: 0
    Last Post: 2014-03-20, 08:56
  3. Replies: 1
    Last Post: 2013-01-22, 15:29
  4. URI Black List
    By fintrax in forum Content Security/Security Servers/CVP/UFP
    Replies: 0
    Last Post: 2009-03-05, 10:47
  5. How to backup checkpoint through CLI in Nokia IP330 + Checkpoint NG FP1
    By stuart in forum Check Point Backup Procedures
    Replies: 0
    Last Post: 2007-04-05, 05:47

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •