Support Center > Search Results > SecureKnowledge Details
R77.30 Private ThreatCloud Technical Level

Table of Contents:

  • Introduction
  • Known Limitations
  • Documentation
  • Downloads
  • Legal Disclaimer
  • Related Solutions
  • Revision History



The Private ThreatCloud running on Gaia OS is a replica of the Check Point public ThreatCloud.
It is an on-premises hardware platform that runs ThreatCloud technologies and contains an up-to-date image of the data on ThreatCloud.
Software Blades on Security Gateways and other Check Point Devices can simply use the Private ThreatCloud locally, instead of using the public ThreatCloud directly.

There are currently three main services offered by the Private ThreatCloud:

  • Private ThreatCloud - real-time reputation data for Check Point Anti-Virus, Anti-Bot and URL Filtering software blades, as well as updates for IPS, Application Control, Anti-Bot, and local Threat Emulation Sandblast appliances.
  • Private Threat Emulation Sandblast threat indicators - file hashes detected by local Threat Emulation Sandblast appliances are added as custom indicators to the Private ThreatCloud for serving Anti-Virus blade.
  • Upgrades (using Gaia OS CPUSE) - Check Point Gaia OS software update queries

In addition to the aforementioned components, the Private ThreatCloud is bundled with a Download Agent software component.
The Download Agent, which accesses the Internet, can run on the Private ThreatCloud itself, on a separate appliance, or a Virtual Machine.
Communication between the Download Agent and the Private ThreatCloud is completely unidirectional, supporting multiple connectivity mechanisms between the Download Agent and the Private ThreatCloud to suit the needs of different customer categories.

Customers can choose between the following deployment options:

  • Single Box - the Private ThreatCloud and the Download Agent are installed on the same appliance.
  • Unidirectional - the Download Agent is installed on a different appliance / Virtual Machine than the Private ThreatCloud. Customers can:
    • either use a Check Point Security Gateway to enforce one-way updates, or position a commercial certified data diode between these two components
    • manually transfer the data from the Download Agent to the Private ThreatCloud using offline media

Private ThreatCloud supports multiple Load Balancing and High Availability options.
Typically, large customers will install Private ThreatCloud at regional data centers and configure their gateways to access the closest Cloud Appliance by default, with remote Cloud Appliances picking up the load in case of failure.
The Private ThreatCloud onboard self-protection mechanisms allow the customers to simply install the appliances on the network as needed to reduce load and latency, without worrying about protecting them with an additional Security Gateway.


Known Limitations

These Features are not supported on Security Gateways, or other Check Point Devices that work with a Private ThreatCloud:

Feature Limitation
  • Offline Update is not supported.
  • Geo Protection - IP ranges will not get updates. Therefore, a misclassification of IP address to the wrong country might occur.
Multi-Domain Security Management environment
  • It is not possible to configure only one Domain to work with the Private ThreatCloud. It is only possible to configure either all Domains, or none.
Threat Prevention
  • In SmartDashboard, when trying to access Threat Prevention tab - Protections pane, the pane will not be displayed, and an error message will be displayed:
    "Cannot access protection information due to connectivity issue".
  • Threat Prevention Exception Groups are not supported.
Application & URL Filtering
  • Categorizing of social network widgets is not supported.
  • Anti-Spam is not supported when using Private ThreatCloud.
  • Access from logs to ThreatWiki is not supported.
SmartConsole Overview
  • Updates for 'Protections' overview in SmartConsole is not supported. 





  • The Private ThreatCloud is available only as a part of the purchased Smart-1 appliance.
  • The Download Agent ISO is provided in addition to the purchased Smart-1 appliance.


Removal of this appliance and/or hard disks from this appliance must be made with the technical assistance of Check Point and requires immediate erasing of its contents and destruction thereof.



Revision History

Show / Hide revision history

Date Description
31 Jan 2017
  • Updated the Private ThreatCloud Installation Guide
14 Aug 2016
  • Added link to "Private ThreatCloud Datasheet"
26 June 2016
  • Updated the "Downloads" section
16 May 2016
  • Updated the related versions
  • Added section "Related Solutions"
15 May 2016
  • Updated the related versions
11 May 2016
  • First release this article

Give us Feedback
Please rate this document