How to verify that SandBlast Agent can access Check Point servers?

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk116590
Technical Level
Product	Harmony Endpoint
Version	All
Date Created	28-Mar-2017
Last Modified	04-May-2021

Solution

Introduction

SandBlast Agent requires access to the Internet (either directly, or via configured proxy).

The table below lists the relevant connectivity requirements for each blade,
as well as how to test it in order to verify the connectivity.

* Note: Authenticated proxies which require user name and password are not supported.

Hostname	Protocol	From	Used For (Version)	Verifying Connectivity (Run command listed below. You will get a response if connectivity is OK.)
`te.checkpoint.com`	https	Threat Emulation blade engine (cloud)	Interaction with Threat Emulation cloud	curl_cli [--proxy <IP_or_HostName:Port>] -v -k te.checkpoint.com
`te.checkpoint.com`	https port 18194	Threat Emulation blade engine (appliance)	Interaction with Threat Emulation appliance	curl_cli [--proxy ] -v -k <IP_of_TE_appliance> 18194
`gwevents.checkpoint.com`	https	Threat Emulation blade telemetry	Statistics collection	curl_cli [--proxy <IP_or_HostName:Port>] -v -k gwevents.checkpoint.com
`cws.checkpoint.com`	http	Anti-Bot blade	Bot Detection	curl_cli [--proxy <IP_or_HostName:Port>] -v http://cws.checkpoint.com/Malware/SystemStatus/type/short
`malw-cws.checkpoint.com`	http	Anti-Bot blade	Bot Detection	curl_cli [--proxy <IP_or_HostName:Port>] -v http://malw-cws.checkpoint.com/Malware/SystemStatus/type/short
`secureupdates.checkpoint.com`	http	Anti-Bot blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://secureupdates.checkpoint.com/AMW/Version
`sc1.checkpoint.com`	http	Anti-Bot blade	Retrieve URL for bot detection server	curl_cli [--proxy <IP_or_HostName:Port>] -v -k http://sc1.checkpoint.com/EPcws/TCUrlsFormat.txt
`kav8.zonealarm.com`	http	Anti-Malware blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v http://kav8.zonealarm.com/v6/index/u1313g.xml
`dnl-01.geo.kaspersky.com dnl-02.geo.kaspersky.com ... dnl-19.geo.kaspersky.com`	http	Anti-Malware blade	Signatures database updates	curl_cli [--proxy <IP_or_HostName:Port>] -v http://dnl-01.geo.kaspersky.com/index/u1313g.xml
`ksn*.kaspersky-labs.com ksn-crypto-file-geo.kaspersky-labs.com ksn-crypto-url-geo.kaspersky-labs.com`	https	Anti-Malware blade	Cloud Reputation Services	telnet ksn-crypto-file-geo.kaspersky-labs.com 443
`rep.checkpoint.com/Phishing`	https	Phishing Service	File Reputation service	https://rep.checkpoint.com/Phishing/status
`rep.checkpoint.com/file-rep/service`	https	Threat Cloud Reputation Service	ThreatCloud File Reputation service	POST https://rep-cws.checkpoint.com/file-rep/SystemStatus/type/short
`sba-data-collection.iaas.checkpoint.com`	https	Data Collection service		POST https://sba-data-collection.iaas.checkpoint.com/upload
`https://storage.googleapis.com/datatube-data-eu` `https://storage.googleapis.com/datatube-data-us` `https://storage.googleapis.com/datatube-data-uk https://europe-west1-datatube-240519.cloudfunctions.net https://proddatatubedataeu.blob.core.windows.net https://proddatatubedataeastus2.blob.core.windows.net https://proddatatubedataaustraliaea.blob.core.windows.net` `https://datatube-prod.azurewebsites.net`	https	EDR	Threat Hunting data upload	curl -v -k -X GET https://datatube-prod.azurewebsites.net/health
`https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/prod-gcp-contractprovider`	https	EDR	Threat Hunting cloud function domain	curl -v -k -X GET https://us-east4-chkp-gcp-rnd-threat-hunt-box.cloudfunctions.net/prod-gcp-contractprovider/health
`https://cloudinfra-gw.portal.checkpoint.com` `https://cloudinfra-gw-us.portal.checkpoint.com https://cloudinfra-gw.ap.portal.checkpoint.com`	https	EDR	Cloud Infra	curl -v -k -X POST https://cloudinfra-gw.portal.checkpoint.com/auth/external (401 UNAUTHORIZED)
`https://www.google.com/chrome/` `https://clients2.googleusercontent.com` `https://clients2.google.com`	https	TE Browser Extension	Google services
`https://microsoftedge.microsoft.com` `https://edge.microsoft.com`	https	TE Browser Extension	Microsoft Store
`https://a88-221-154-122.deploy.static.akamaitechnologies.com` `https://a2-22-93-83.deploy.static.akamaitechnologies.com` `https://a95-100-209-19.deploy.static.akamaitechnologies.com`	https	General SBA services
`EU-vSEC-ASG-ALB-2115742625.eu-west-1.elb.amazonaws.com`	https	SandBlast Agent Management Platform	Client-Server communication
`US-vSEC-ASG-ALB-448998794.us-east-1.elb.amazonaws.com`	https	SandBlast Agent Management Platform	Client-Server communication
`endpoint-management-prd-alb-1052683977.ap-southeast-2.elb.amazonaws.com`	https	SandBlast Agent Management Platform	Client-Server communication
`<Service Identifier>.epmgmt.checkpoint.com` For example: `test-abcd1234-hap1.epmgmt.checkpoint.com` Note: The source of the alerting email being sent within SandBlast Agent Cloud Management would be the service identifier. For example: If the customer’s server service identification/server name is the following in EPMaaS: `test-abcd1234-hap1` Then the unique URL will be `test-abcd1234-hap1.epmgmt.checkpoint.com`	https		To access the Web interface on cloud deployments, you’ll need to also whitelist the Service Identifier’s unique URL.

References

Revision History

Show / Hide this section

Date Description

13 Jul 2020 Added sites for Threat Hunting data upload, Threat Hunting cloud function domain, Cloud Infra, and Google services

28 Mar 2017 First release of this article

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating