Troubleshooting the Threat Extraction Blade

This section covers common problems and solutions.

Troubleshooting Threat Emulation

Using MTA with ClusterXL

When you enable MTA with a ClusterXL deployment, make sure that the standby cluster member is also able to connect to one or more of the next hops. If not, it is possible that when there is a failover to the standby member, emails in the MTA do not go to their destination.

Configuring Postfix for MTA

The Check Point MTA uses Postfix, and you can add custom user-defined Postfix options.

Problems with Email Emulation

Best Practice - If you are blocking SMTP traffic with the Prevent action, we recommend that you enable MTA on the Security Gateway (see Configuring the Security Gateway as a Mail Transfer Agent). If you do not enable the MTA, it is possible that emails are dropped and do not reach the mail server.

Troubleshooting IPS for a Security Gateway

IPS (Intrusion Prevention System) includes the ability to temporarily stop protections on a Security Gateway set to Prevent from blocking traffic. This is useful when troubleshooting an issue with network traffic.