Support Center > Search Results > SecureKnowledge Details
How to verify that Harmony Endpoint (SandBlast Agent) can access Check Point servers? Technical Level
Solution

Introduction

Harmony Endpoint requires access to the Internet (either directly, or via configured proxy).

The table below lists the relevant connectivity requirements for each blade,
as well as how to test it in order to verify the connectivity.

* Note: Authenticated proxies which require user name and password are not supported.

Hostname Protocol From Used For (Version) Verifying Connectivity (Run command listed below. You will get a response if connectivity is OK.)
te.checkpoint.com https Threat Emulation blade engine (cloud) Interaction with Threat Emulation cloud curl_cli [--proxy <IP_or_HostName:Port>] -v -k te.checkpoint.com
https
port
18194
Threat Emulation blade engine (appliance) Interaction with Threat Emulation appliance curl_cli [--proxy ] -v -k <IP_of_TE_appliance> 18194
teadv.checkpoint.com/Sophos/ https Anti-Malware Sophos additionally uses this site. curl_cli [--proxy <IP_or_HostName:Port>] -v https://teadv.checkpoint.com/Sophos/
gwevents.checkpoint.com https Threat Emulation blade telemetry Statistics collection curl_cli [--proxy <IP_or_HostName:Port>] -v -k gwevents.checkpoint.com
cws.checkpoint.com http Anti-Bot blade Bot Detection curl_cli [--proxy <IP_or_HostName:Port>] -v http://cws.checkpoint.com/Malware/SystemStatus/type/short
malw-cws.checkpoint.com http Anti-Bot blade Bot Detection curl_cli [--proxy <IP_or_HostName:Port>] -v http://malw-cws.checkpoint.com/Malware/SystemStatus/type/short
secureupdates.checkpoint.com http Anti-Bot blade Signatures database updates curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://secureupdates.checkpoint.com/AMW/Version
sc1.checkpoint.com http Anti-Bot blade Retrieve URL for bot detection server curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://sc1.checkpoint.com/EPcws/TCUrlsFormat.txt
kav8.zonealarm.com http Anti-Malware blade Signatures database updates curl_cli [--proxy <IP_or_HostName:Port>] -v http://kav8.zonealarm.com/v6/index/u1313g.xml
dnl-01.geo.kaspersky.com
dnl-02.geo.kaspersky.com
...
dnl-19.geo.kaspersky.com
http Anti-Malware blade Signatures database updates curl_cli [--proxy <IP_or_HostName:Port>] -v http://dnl-01.geo.kaspersky.com/index/u1313g.xml
ksn*.kaspersky-labs.com
ksn-crypto-file-geo.kaspersky-labs.com
ksn-crypto-url-geo.kaspersky-labs.com
https Anti-Malware blade Cloud Reputation Services telnet ksn-crypto-file-geo.kaspersky-labs.com 443
rep.checkpoint.com/Phishing https Phishing Service File Reputation service https://rep.checkpoint.com/Phishing/status
rep.checkpoint.com/file-rep/service https Threat Cloud Reputation Service ThreatCloud File Reputation service POST https://rep-cws.checkpoint.com/file-rep/SystemStatus/type/short
sba-data-collection.iaas.checkpoint.com https  Data Collection service   POST https://sba-data-collection.iaas.checkpoint.com/upload
https://storage.googleapis.com/datatube-data-eu
https://storage.googleapis.com/datatube-data-us
https://storage.googleapis.com/datatube-data-uk
https://europe-west1-datatube-240519.cloudfunctions.net
https://proddatatubedataeu.blob.core.windows.net
https://proddatatubedataeastus2.blob.core.windows.net
https://proddatatubedataaustraliaea.blob.core.windows.net

https://datatube-prod.azurewebsites.net
https EDR Threat Hunting data upload curl -v -k -X GET https://datatube-prod.azurewebsites.net/health
https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/prod-gcp-contractprovider https EDR Threat Hunting cloud function domain curl
-v -k -X GET https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/prod-gcp-contractprovider/health
https://cloudinfra-gw.portal.checkpoint.com
https://cloudinfra-gw-us.portal.checkpoint.com
https://cloudinfra-gw.ap.portal.checkpoint.com
https EDR Cloud Infra curl
-v -k -X POST https://cloudinfra-gw.portal.checkpoint.com/auth/external (401 UNAUTHORIZED)
https://www.google.com/chrome/
https://clients2.googleusercontent.com
https://clients2.google.com
https TE Browser Extension Google services  
https://microsoftedge.microsoft.com
https://edge.microsoft.com
https TE Browser Extension Microsoft Store  
https://a88-221-154-122.deploy.static.akamaitechnologies.com
https://a2-22-93-83.deploy.static.akamaitechnologies.com
https://a95-100-209-19.deploy.static.akamaitechnologies.com
https General SBA services  
EU-vSEC-ASG-ALB-2115742625.eu-west-1.elb.amazonaws.com https Harmony Endpoint Management Platform Client-Server communication   
US-vSEC-ASG-ALB-448998794.us-east-1.elb.amazonaws.com https Harmony Endpoint Management Platform Client-Server communication   
endpoint-management-prd-alb-1052683977.ap-southeast-2.elb.amazonaws.com https Harmony Endpoint Management Platform Client-Server communication   
<Service Identifier>.epmgmt.checkpoint.com

For example: test-abcd1234-hap1.epmgmt.checkpoint.com

Note: The source of the alerting email being sent within Harmony Endpoint Cloud Management would be the service identifier.

Example: If server service identification/server name is the following in EPMaaS: test-abcd1234-hap1

Then the unique URL will be test-abcd1234-hap1.epmgmt.checkpoint.com
https To access the Web interface on cloud deployments, you’ll need to also whitelist the Service Identifier’s unique URL.  
s3-fips-r-w.us-east-1.amazonaws.com https Harmony Endpoint Management Platform Client-Server communication  
34.206.248.183 - AWS-US1

Mapped to: epm-gw-us.epmgnt.checkpoint.com - US Gateway
Varies Harmony Endpoint Management Platform Traffic from the management to clients & exported data  
34.231.106.109 - AWS-US2

Mapped to: epm-gw-us.epmgnt.checkpoint.com - US Gateway
Varies Harmony Endpoint Management Platform Traffic from the management to clients & exported data  
34.249.245.65 - AWS-Ireland1

Mapped to: epm-gw-eu.epmgmt.checkpoint.com - EU Gateway
Varies Harmony Endpoint Management Platform Traffic from the management to clients & exported data  
52.49.2.249 - AWS-Ireland2

Mapped to: epm-gw-eu.epmgmt.checkpoint.com - EU Gateway
Varies Harmony Endpoint Management Platform Traffic from the management to clients & exported data  
Hostname Protocol From Used For (Version) Verifying Connectivity (Run command listed below. You will get a response if connectivity is OK.)

 

References

Related Solution: sk83520 - How to verify that Security Gateway and/or Security Management Server can access Check Point servers?

 

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment