Support Center > Search Results > SecureKnowledge Details
How to verify that SandBlast Agent can access Check Point servers? Technical Level
Solution

Introduction

SandBlast Agent requires access to the Internet (either directly, or via configured proxy).

The table below lists the relevant connectivity requirements for each blade,
as well as how to test it in order to verify the connectivity.

* Note: Authenticated proxies which require user name and password are not supported.

Hostname Protocol From Used For (Version) Verifying Connectivity (Run command listed below. You will get a response if connectivity is OK.)
te.checkpoint.com https Threat Emulation blade engine (cloud) Interaction with Threat Emulation cloud curl_cli [--proxy <IP_or_HostName:Port>] -v -k te.checkpoint.com
https
port
18194
Threat Emulation blade engine (appliance) Interaction with Threat Emulation appliance curl_cli [--proxy ] -v -k <IP_of_TE_appliance> 18194
gwevents.checkpoint.com https Threat Emulation blade telemetry Statistics collection curl_cli [--proxy <IP_or_HostName:Port>] -v -k gwevents.checkpoint.com
cws.checkpoint.com http Anti-Bot blade Bot Detection curl_cli [--proxy <IP_or_HostName:Port>] -v http://cws.checkpoint.com/Malware/SystemStatus/type/short
malw-cws.checkpoint.com http Anti-Bot blade Bot Detection curl_cli [--proxy <IP_or_HostName:Port>] -v http://malw-cws.checkpoint.com/Malware/SystemStatus/type/short
secureupdates.checkpoint.com http Anti-Bot blade Signatures database updates curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://secureupdates.checkpoint.com/AMW/Version
sc1.checkpoint.com http Anti-Bot blade Retrieve URL for bot detection server curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://sc1.checkpoint.com/EPcws/TCUrlsFormat.txt
kav8.zonealarm.com http Anti-Malware blade Signatures database updates curl_cli [--proxy <IP_or_HostName:Port>] -v http://kav8.zonealarm.com/v6/index/u1313g.xml
dnl-01.geo.kaspersky.com
dnl-02.geo.kaspersky.com
...
dnl-19.geo.kaspersky.com
http Anti-Malware blade Signatures database updates curl_cli [--proxy <IP_or_HostName:Port>] -v http://dnl-01.geo.kaspersky.com/index/u1313g.xml
ksn*.kaspersky-labs.com
ksn-crypto-file-geo.kaspersky-labs.com
ksn-crypto-url-geo.kaspersky-labs.com
https Anti-Malware blade Cloud Reputation Services telnet ksn-crypto-file-geo.kaspersky-labs.com 443
rep.checkpoint.com/Phishing https Phishing Service File Reputation service https://rep.checkpoint.com/Phishing/status
rep.checkpoint.com/file-rep/service https Threat Cloud Reputation Service ThreatCloud File Reputation service POST https://rep-cws.checkpoint.com/file-rep/SystemStatus/type/short
sba-data-collection.iaas.checkpoint.com https  Data Collection service    POST https://sba-data-collection.iaas.checkpoint.com/upload
https://storage.googleapis.com/datatube-data-eu
https://storage.googleapis.com/datatube-data-us
https://storage.googleapis.com/datatube-data-uk
https://europe-west1-datatube-240519.cloudfunctions.net
https://proddatatubedataeu.blob.core.windows.net
https://proddatatubedataeastus2.blob.core.windows.net
https://proddatatubedataaustraliaea.blob.core.windows.net

https://datatube-prod.azurewebsites.net
https EDR Threat Hunting data upload  curl -v -k -X GET https://datatube-prod.azurewebsites.net/health
https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/prod-gcp-contractprovider https EDR Threat Hunting cloud function domain  curl
-v -k -X GET https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/prod-gcp-contractprovider/health
https://cloudinfra-gw.portal.checkpoint.com
https://cloudinfra-gw-us.portal.checkpoint.com
https://cloudinfra-gw.ap.portal.checkpoint.com
https EDR Cloud Infra  curl
-v -k -X POST https://cloudinfra-gw.portal.checkpoint.com/auth/external (401 UNAUTHORIZED)
https://www.google.com/chrome/
https://clients2.googleusercontent.com
https://clients2.google.com
https TE Browser Extension Google services  
https://microsoftedge.microsoft.com
https://edge.microsoft.com
https TE Browser Extension Microsoft Store  
https://a88-221-154-122.deploy.static.akamaitechnologies.com
https://a2-22-93-83.deploy.static.akamaitechnologies.com
https://a95-100-209-19.deploy.static.akamaitechnologies.com
https General SBA services  
EU-vSEC-ASG-ALB-2115742625.eu-west-1.elb.amazonaws.com https SandBlast Agent Management Platform Client-Server communication   
US-vSEC-ASG-ALB-448998794.us-east-1.elb.amazonaws.com https SandBlast Agent Management Platform Client-Server communication   
endpoint-management-prd-alb-1052683977.ap-southeast-2.elb.amazonaws.com https SandBlast Agent Management Platform Client-Server communication   
<Service Identifier>.epmgmt.checkpoint.com

For example: test-abcd1234-hap1.epmgmt.checkpoint.com

Note: The source of the alerting email being sent within SandBlast Agent Cloud Management would be the service identifier.

For example: If the customer’s server service identification/server name is the following in EPMaaS: test-abcd1234-hap1

Then the unique URL will be test-abcd1234-hap1.epmgmt.checkpoint.com
https To access the Web interface on cloud deployments, you’ll need to also whitelist the Service Identifier’s unique URL.  

 

References

Related Solution: sk83520 - How to verify that Security Gateway and/or Security Management Server can access Check Point servers?

 

Revision History

Show / Hide this section
Date Description
13 Jul 2020 Added sites for Threat Hunting data upload, Threat Hunting cloud function domain, Cloud Infra, and Google services 
28 Mar 2017 First release of this article

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment