How to verify that Harmony Endpoint (SandBlast Agent) can access Check Point servers?

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk116590
Technical Level
Product	Harmony Endpoint
Version	All
Date Created	28-Mar-2017
Last Modified	28-Oct-2021

Solution

Introduction

Harmony Endpoint requires access to the Internet (either directly, or via configured proxy).

The table below lists the relevant connectivity requirements for each blade,
as well as how to test it in order to verify the connectivity.

* Note: Authenticated proxies which require user name and password are not supported.

Hostname	Protocol	From	Used For (Version)	Verifying Connectivity (Run command listed below. You will get a response if connectivity is OK.)
`te.checkpoint.com`	https	Threat Emulation blade engine (cloud)	Interaction with Threat Emulation cloud	curl_cli [--proxy <IP_or_HostName:Port>] -v -k te.checkpoint.com
`te.checkpoint.com`	https port 18194	Threat Emulation blade engine (appliance)	Interaction with Threat Emulation appliance	curl_cli [--proxy ] -v -k <IP_of_TE_appliance> 18194
`teadv.checkpoint.com/Sophos/`	https	Anti-Malware	Sophos additionally uses this site.	curl_cli [--proxy <IP_or_HostName:Port>] -v https://teadv.checkpoint.com/Sophos/
`gwevents.checkpoint.com`	https	Threat Emulation blade telemetry	Statistics collection	curl_cli [--proxy <IP_or_HostName:Port>] -v -k gwevents.checkpoint.com
`cws.checkpoint.com`	http	Anti-Bot blade	Bot Detection	curl_cli [--proxy <IP_or_HostName:Port>] -v http://cws.checkpoint.com/Malware/SystemStatus/type/short
`malw-cws.checkpoint.com`	http	Anti-Bot blade	Bot Detection	curl_cli [--proxy <IP_or_HostName:Port>] -v http://malw-cws.checkpoint.com/Malware/SystemStatus/type/short
`secureupdates.checkpoint.com`	http	Anti-Bot blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://secureupdates.checkpoint.com/AMW/Version
`sc1.checkpoint.com`	http	Anti-Bot blade	Retrieve URL for bot detection server	curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://sc1.checkpoint.com/EPcws/TCUrlsFormat.txt
`kav8.zonealarm.com`	http	Anti-Malware blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v http://kav8.zonealarm.com/v6/index/u1313g.xml
`dnl-01.geo.kaspersky.com dnl-02.geo.kaspersky.com ... dnl-19.geo.kaspersky.com`	http	Anti-Malware blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v http://dnl-01.geo.kaspersky.com/index/u1313g.xml
`ksn*.kaspersky-labs.com ksn-crypto-file-geo.kaspersky-labs.com ksn-crypto-url-geo.kaspersky-labs.com`	https	Anti-Malware blade	Cloud Reputation Services	telnet ksn-crypto-file-geo.kaspersky-labs.com 443
`rep.checkpoint.com/Phishing`	https	Phishing Service	File Reputation service	https://rep.checkpoint.com/Phishing/status
`rep.checkpoint.com/file-rep/service`	https	Threat Cloud Reputation Service	ThreatCloud File Reputation service	POST https://rep-cws.checkpoint.com/file-rep/SystemStatus/type/short
`sba-data-collection.iaas.checkpoint.com`	https	Data Collection service		POST https://sba-data-collection.iaas.checkpoint.com/upload
`https://storage.googleapis.com/datatube-data-eu` `https://storage.googleapis.com/datatube-data-us` `https://storage.googleapis.com/datatube-data-uk https://europe-west1-datatube-240519.cloudfunctions.net https://proddatatubedataeu.blob.core.windows.net https://proddatatubedataeastus2.blob.core.windows.net https://proddatatubedataaustraliaea.blob.core.windows.net` `https://datatube-prod.azurewebsites.net`	https	EDR	Threat Hunting data upload	curl -v -k -X GET https://datatube-prod.azurewebsites.net/health
`https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/prod-gcp-contractprovider`	https	EDR	Threat Hunting cloud function domain	curl -v -k -X GET https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/prod-gcp-contractprovider/health
`https://cloudinfra-gw.portal.checkpoint.com` `https://cloudinfra-gw-us.portal.checkpoint.com https://cloudinfra-gw.ap.portal.checkpoint.com`	https	EDR	Cloud Infra	curl -v -k -X POST https://cloudinfra-gw.portal.checkpoint.com/auth/external (401 UNAUTHORIZED)
`https://www.google.com/chrome/` `https://clients2.googleusercontent.com` `https://clients2.google.com`	https	TE Browser Extension	Google services
`https://microsoftedge.microsoft.com` `https://edge.microsoft.com`	https	TE Browser Extension	Microsoft Store
`https://a88-221-154-122.deploy.static.akamaitechnologies.com` `https://a2-22-93-83.deploy.static.akamaitechnologies.com` `https://a95-100-209-19.deploy.static.akamaitechnologies.com`	https	General SBA services
`EU-vSEC-ASG-ALB-2115742625.eu-west-1.elb.amazonaws.com`	https	Harmony Endpoint Management Platform	Client-Server communication
`US-vSEC-ASG-ALB-448998794.us-east-1.elb.amazonaws.com`	https	Harmony Endpoint Management Platform	Client-Server communication
`endpoint-management-prd-alb-1052683977.ap-southeast-2.elb.amazonaws.com`	https	Harmony Endpoint Management Platform	Client-Server communication
`<Service Identifier>.epmgmt.checkpoint.com` For example: `test-abcd1234-hap1.epmgmt.checkpoint.com` Note: The source of the alerting email being sent within Harmony Endpoint Cloud Management would be the service identifier. Example: If server service identification/server name is the following in EPMaaS: `test-abcd1234-hap1` Then the unique URL will be `test-abcd1234-hap1.epmgmt.checkpoint.com`	https		To access the Web interface on cloud deployments, you’ll need to also whitelist the Service Identifier’s unique URL.
`s3-fips-r-w.us-east-1.amazonaws.com`	https	Harmony Endpoint Management Platform	Client-Server communication
`34.206.248.183` - AWS-US1 Mapped to: `epm-gw-us.epmgnt.checkpoint.com` - US Gateway	Varies	Harmony Endpoint Management Platform	Traffic from the management to clients & exported data
`34.231.106.109` - AWS-US2 Mapped to: `epm-gw-us.epmgnt.checkpoint.com` - US Gateway	Varies	Harmony Endpoint Management Platform	Traffic from the management to clients & exported data
`34.249.245.6`5 - AWS-Ireland1 Mapped to: `epm-gw-eu.epmgmt.checkpoint.com` - EU Gateway	Varies	Harmony Endpoint Management Platform	Traffic from the management to clients & exported data
`52.49.2.249` - AWS-Ireland2 Mapped to: `epm-gw-eu.epmgmt.checkpoint.com` - EU Gateway	Varies	Harmony Endpoint Management Platform	Traffic from the management to clients & exported data
Hostname	Protocol	From	Used For (Version)	Verifying Connectivity (Run command listed below. You will get a response if connectivity is OK.)

References

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating