Introduction

SandBlast Agent requires access to the Internet (either directly, or via configured proxy).

The table below lists the relevant connectivity requirements for each blade,
as well as how to test it in order to verify the connectivity.

* Note: Authenticated proxies which require user name and password are not supported.

Hostname	Protocol	From	Used For (Version)	Verifying Connectivity (Run command listed below. You will get a response if connectivity is OK.)
te.checkpoint.com	https	Threat Emulation blade engine (cloud)	Interaction with Threat Emulation cloud	curl_cli [--proxy <IP_or_HostName:Port>] -v -k te.checkpoint.com
	https port 18194	Threat Emulation blade engine (appliance)	Interaction with Threat Emulation appliance	curl_cli [--proxy ] -v -k <IP_of_TE_appliance> 18194
gwevents.checkpoint.com	https	Threat Emulation blade telemetry	Statistics collection	curl_cli [--proxy <IP_or_HostName:Port>] -v -k gwevents.checkpoint.com
cws.checkpoint.com	http	Anti-Bot blade	Bot Detection	curl_cli [--proxy <IP_or_HostName:Port>] -v http://cws.checkpoint.com/Malware/SystemStatus/type/short
malw-cws.checkpoint.com	http	Anti-Bot blade	Bot Detection	curl_cli [--proxy <IP_or_HostName:Port>] -v http://malw-cws.checkpoint.com/Malware/SystemStatus/type/short
secureupdates.checkpoint.com	http	Anti-Bot blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://secureupdates.checkpoint.com/AMW/Version
sc1.checkpoint.com	http	Anti-Bot blade	Retrieve URL for bot detection server	curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://sc1.checkpoint.com/EPcws/TCUrlsFormat.txt
kav8.zonealarm.com	http	Anti-Malware blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v http://kav8.zonealarm.com/v6/index/u1313g.xml
dnl-01.geo.kaspersky.com dnl-02.geo.kaspersky.com ... dnl-19.geo.kaspersky.com	http	Anti-Malware blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v http://dnl-01.geo.kaspersky.com/index/u1313g.xml
ksn*.kaspersky-labs.com ksn-crypto-file-geo.kaspersky-labs.com ksn-crypto-url-geo.kaspersky-labs.com	https	Anti-Malware blade	Cloud Reputation Services	telnet ksn-crypto-file-geo.kaspersky-labs.com 443
rep.checkpoint.com/Phishing	https	Phishing Service	File Reputation service	https://rep.checkpoint.com/Phishing/status
rep.checkpoint.com/file-rep/service	https	Threat Cloud Reputation Service	ThreatCloud File Reputation service	POST https://rep-cws.checkpoint.com/file-rep/SystemStatus/type/short
sba-data-collection.iaas.checkpoint.com	https	Data Collection service		POST https://sba-data-collection.iaas.checkpoint.com/upload
https://storage.googleapis.com/datatube-data-eu https://storage.googleapis.com/datatube-data-us https://storage.googleapis.com/datatube-data-uk https://europe-west1-datatube-240519.cloudfunctions.net	https	EDR	Threat Hunting data upload
https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net https://prod-gcp-contractprovider	https	EDR	Threat Hunting cloud function domain
https://cloudinfra-gw.portal.checkpoint.com https://cloudinfra-gw-us.portal.checkpoint.com	https	EDR	Cloud Infra
https://chrome.google.com https://clients2.googleusercontent.com https://clients2.google.com	https	TE Browser Extension	Google services
https://a88-221-154-122.deploy.static.akamaitechnologies.com https://a2-22-93-83.deploy.static.akamaitechnologies.com https://a95-100-209-19.deploy.static.akamaitechnologies.com	https	General SBA services

 

References

• SandBlast Agent product page
• sk108695 - Check Point SandBlast Agent for Browsers

Related Solution: sk83520 - How to verify that Security Gateway and/or Security Management Server can access Check Point servers?

 

Revision History