Thursday, February 2, 2017

TE

Engine Settings:
Threat Emulation Connection Handling Mode:
Background – Connections are allowed until emulation is complete.
Maximum file size for emulation:
30000 KB (30 MB)
------------------------------------------------------------------------------------------------------------------------------------------
Proposed Production Configuration:
Device Names: myte01, my2te02 - 1 gig Mgmt, 10 gig Prod Traffic
Boston Internet Firewall – local emulation (bos0105te01)
Hingham Internet Firewall – local emulation (hng0301te02)
Nondeavpn Firewall – local emulation (bos0105te01)
Bosvpn Firewall – local emulation (bos0105te01)
Hinvpn Firewall – local emulation (hng0301te02)

Failover option – Multiple Private Threat Cloud Appliances:
Engine Settings:
Threat Emulation Connection Handling Mode:
Background – Connections are allowed until emulation is complete.
Maximum file size for emulation:
30000 KB (30 MB)

TE1000X Appliances upgraded:
· Major Software Version - CPUSE – R77.30
· CPUSE - 1130
· TE Engine Version - 47.990001022
· Jumbo Hotfix Accumulator - 205
[Expert@bos0105te01:0]# fw ver
This is Check Point's software version R77.30 - Build 034
[Expert@bos0105te01:0]# installed_jumbo_take        
R77.30 Jumbo Hotfix Accumulator take_205 is installed, see sk106162.
[Expert@bos0105te01:0]# tecli advanced engine version
Threat emulation engine version is: 47.990001022
bos0105te01> show installer status build
Build number: 1130 (agent build is up to date)

[Expert@hng0301te02:0]# fw ver
This is Check Point's software version R77.30 - Build 034
[Expert@hng0301te02:0]# installed_jumbo_take
R77.30 Jumbo Hotfix Accumulator take_205 is installed, see sk106162.
[Expert@hng0301te02:0]# tecli advanced engine version
Threat emulation engine version is: 47.990001022
hng0301te02> show installer status build
Build number: 1130 (agent build is up to date)
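
The following added example, not part of the original post, parses captured output of the four commands shown above and compares it with the upgrade baseline (R77.30, take 205, engine 47.990001022, CPUSE build 1130). The function names and the second sample capture are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: compare captured appliance
# output with the upgrade baseline listed above. Function names are hypothetical.

# Baseline: version, Jumbo take, TE engine, CPUSE build (from the list above).
BASELINE="R77.30 205 47.990001022 1130"

# Constructed sample: the output shown above for one appliance.
SAMPLE_OK="This is Check Point's software version R77.30 - Build 034
R77.30 Jumbo Hotfix Accumulator take_205 is installed, see sk106162.
Threat emulation engine version is: 47.990001022
Build number: 1130 (agent build is up to date)"

# Constructed sample: a made-up take number and no engine line.
SAMPLE_DRIFT="This is Check Point's software version R77.30 - Build 034
R77.30 Jumbo Hotfix Accumulator take_198 is installed, see sk106162.
Build number: 1130 (agent build is up to date)"

# first_match SED_EXPR CAPTURE -> first extracted value, or "-" if absent
first_match() {
    _v=$(printf '%s\n' "$2" | sed -n "$1" | head -n 1)
    echo "${_v:--}"
}

# te_versions CAPTURE -> "version take engine cpuse_build"
te_versions() {
    echo "$(first_match 's/^This is Check Point.s software version \([^ ]*\) - Build.*/\1/p' "$1")" \
         "$(first_match 's/.*Jumbo Hotfix Accumulator take_\([0-9]*\) is installed.*/\1/p' "$1")" \
         "$(first_match 's/^Threat emulation engine version is: *\([0-9.]*\).*/\1/p' "$1")" \
         "$(first_match 's/^Build number: *\([0-9]*\).*/\1/p' "$1")"
}

# te_check CAPTURE -> one line per mismatch; exit status 0 only if all match
te_check() {
    _rc=0
    # Positional parameters become: 4 observed values, then 4 baseline values.
    set -- $(te_versions "$1") $BASELINE
    for _name in version jumbo_take engine cpuse_build; do
        if [ "$1" != "$5" ]; then
            echo "MISMATCH $_name: got $1, want $5"
            _rc=1
        fi
        shift
    done
    return $_rc
}

te_check "$SAMPLE_OK" && echo "sample OK matches baseline"
te_check "$SAMPLE_DRIFT" || echo "sample DRIFT differs from baseline"
```

A missing line in the capture is reported as `-` and counted as a mismatch, so an appliance that fails to answer one of the commands does not pass the check.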

Update Malware DNS traps:


· Add dns.com

Threat Emulation support for Multiple Private Cloud Appliances

Enabling support for multiple TE Cloud Appliances:
[Expert@firewall01:0]# tecli advanced remote activate
**Note: This command will override the existing settings defined through the Smart Dashboard**
The output will display the following:
Multiple private cloud appliances is now activated!

Please remember to install policy to apply changes!

**Note: DO NOT INSTALL POLICY UNTIL YOU HAVE DEFINED AT LEAST ONE TE DEVICE**

Adding a new Remote TE Device:
[Expert@firewall01:0]# tecli advanced remote add <IP_ADDRESS>
To display the available devices:
[Expert@firewall01:0]# tecli advanced remote show
Once at least one device has been added, install the Threat Prevention policy in Smart Dashboard.

Removing a Remote TE Device:
[Expert@firewall01:0]# tecli advanced remote remove <IP_ADDRESS>
To display the available devices:
[Expert@firewall01:0]# tecli advanced remote show
Install the Threat Prevention policy in Smart Dashboard for the removal to take effect.

Deactivating support for multiple remote TE devices:
[Expert@firewall01:0]# tecli advanced remote deactivate
The output will display the following:
Multiple private cloud appliances is now deactivated
 
Please remember to install policy to apply changes!

Install Threat Prevention Policy in Smart Dashboard for deactivation to take effect.

***Note: All changes have to be executed on



Current Production Configuration:
Device Name: hng0301te01 – 1 gig connection
Boston Internet Firewall – local emulation (hng0301te01)
Hingham Internet Firewall – local emulation (hng0301te01)
Nondeavpn Firewall – local emulation (hng0301te01)

Engine Settings:
Threat Emulation Connection Handling Mode:
Background – Connections are allowed until emulation is complete.
Maximum file size for emulation:
30000 KB (30 MB)
------------------------------------------------------------------------------------------------------------------------------------------
Proposed Production Configuration:
Device Names: bos0105te01, hng0301te02 - 1 gig Mgmt, 10 gig Prod Traffic
Boston Internet Firewall – local emulation (bos0105te01)
Hingham Internet Firewall – local emulation (hng0301te02)
Nondeavpn Firewall – local emulation (bos0105te01)
Bosvpn Firewall – local emulation (bos0105te01)
Hinvpn Firewall – local emulation (hng0301te02)

Update Malware DNS traps:
· Add hundns.bcbsma.com

TE Engine checks

