Configuring Threat Prevention Settings on VSX Gateways

To enable Anti-Bot, Anti-Virus, or IPS on Virtual Systems

Important:

Make sure the routing, DNS, and proxy settings for the VSX Gateway Physical server that hosts VSX virtual networks, including all Virtual Devices that provide the functionality of physical network devices. It holds at least one Virtual System, which is called VS0. or VSX Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members (VS0) are configured correctly.
You must enable and configure the Software Blades in these objects:
- VSX Gateway or VSX Cluster (because VS0 handles contract validation for all Virtual Systems).
- Applicable Virtual Systems.
Make sure the VSX Gateway or VSX Cluster and the applicable Virtual Systems can connect to the Internet.

Virtual Systems get updates through the VSX Gateway or VSX Cluster (VS0).

If the VSX Gateway or VSX Cluster fails to connect, each Virtual System uses its proxy settings to get the updates from the Internet.

Step	Instructions
1	If applicable, configure proxy settings for the VSX Gateway or VSX Cluster (VS0) or the Virtual Systems (or both) in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.: From the left navigation panel, click Gateways & Servers. Double-click the VSX Gateway or VSX Cluster object (or the applicable Virtual System object). From the navigation tree, click Topology > Proxy. Configure the proxy settings. Click OK
2	Enable the Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. on the VSX Gateway or VSX Cluster (VS0): Double-click the applicable VSX Gateway or VSX Cluster object. From the navigation tree, click General Properties. On the Threat Prevention tab, select any or all of these Software Blades: Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT. Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV. IPS Check Point Software Blade on a Security Gateway that inspects and analyzes packets and data for numerous types of risks (Intrusion Prevention System). When you enable these Software Blades, the First Time Activation window opens. You must select: According to the policy Detect only From the navigation tree, click and configure the Software Blades you enabled. Click OK.
3	Enable the Software Blade on the applicable Virtual Systems: Expand the VSX Gateway or VSX Cluster object and double-click the applicable Virtual System object. From the navigation tree, click General Properties. On the Threat Prevention tab, select any or all of these Software Blades (the same you selected in the VSX Gateway or VSX Cluster object): Anti-Bot Malicious software that neutralizes Anti-Virus defenses, connects to a Command and Control center for instructions from cyber criminals, and carries out the instructions. Anti-Virus IPS When you enable these Software Blades, the First Time Activation window opens. You must select: According to the policy Detect only From the navigation tree, click and configure the Software Blades you enabled. Click OK.
4	Configure the Threat Prevention policies for: The VSX Gateway or VSX Cluster (VS0). The applicable Virtual Systems.
5	Install the default VSX policy on the VSX Gateway or VSX Cluster. This policy is called: `<Name of VSX Gateway or VSX Cluster Object>_VSX`
6	Install the Threat Prevention policy: On the VSX Gateway or VSX Cluster (VS0). On the applicable Virtual Systems (and Access Control Policy, if needed).

To enable Threat Emulation on Virtual Systems

Important:

Make sure the routing, DNS, and proxy settings for the VSX Gateway or VSX Cluster Members (VS0) are configured correctly.
Do not enable the Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. Software Blade in the VSX Gateway or VSX Cluster object, because it does not participate in the Threat Emulation process.

Step	Instructions
1	If applicable, configure proxy settings for the VSX Gateway or VSX Cluster (VS0), or the Virtual Systems (or both) in SmartConsole: From the left navigation panel, click Gateways & Servers. Double-click the VSX Gateway or VSX Cluster object (or the applicable Virtual System object). From the navigation tree, click Topology > Proxy. Configure the proxy settings. Click OK
2	Enable Threat Emulation on the applicable Virtual Systems: Expand the VSX Gateway or VSX Cluster object and double-click the applicable Virtual System object. From the navigation tree, click General Properties. On the Threat Prevention tab, select the Threat Emulation Software Blade. The Threat Emulation First Time Activation Wizard opens. Configure the Emulation Location. In the Summary window, click Finish. From the navigation tree, click and configure the Software Blades you enabled. Click OK.
3	Configure the Threat Prevention policies for the applicable Virtual Systems.
4	Install the Threat Prevention policy on the applicable Virtual Systems (and Access Control Policy, if needed).

To enable Threat Extraction on Virtual Systems

Important:

Make sure the routing, DNS, and proxy settings for the VSX Gateway or VSX Cluster Members (VS0) are configured correctly.
Enable the Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX. Software Blade on the VSX Gateway or VSX Cluster object..

Step	Instructions
1	If applicable, configure proxy settings for the VSX Gateway or VSX Cluster (VS0) or the Virtual Systems (or both) in SmartConsole: From the left navigation panel, click Gateways & Servers. Double-click the VSX Gateway or VSX Cluster object (or the applicable Virtual System object). From the navigation tree, click Topology > Proxy. Configure the proxy settings. Click OK
2	Enable Threat Extraction on the applicable Virtual Systems: Expand the VSX Gateway or VSX Cluster object and double-click the applicable Virtual System object. From the navigation tree, click General Properties. On the Threat Prevention tab, select the Threat Extraction Software Blade. The Threat Extraction First Time Activation Wizard opens. In the Next Hop Configuration window: If the Virtual System has to scan email attachments, you must enable the Mail Transfer Agent Feature on a Security Gateway that intercepts SMTP traffic and forwards it to the applicable inspection component. Acronym: MTA. (MTA) and configure the Domain and Next Hop. See Mail Transfer Agent. If the Virtual System does not have to scan email attachments, select Skip this configuration now, and then click Next. In the Summary window, click Finish. From the navigation tree, click and configure the Software Blades you enabled. Click OK.
3	Enable Threat Extraction support for web traffic over the HTTP and HTTPS protocols: From the left navigation panel, click Security Policies. In the top section, click Threat Prevention. In the lower section Custom Policy Tools, click Profiles. Double-click the applicable profile with enabled Threat Extraction Software Blade. From the navigation tree, click Threat Extraction > General. In the Protocol section, select Web (HTTP/HTTPS). Click OK.
4	Configure the Threat Prevention policies for: The VSX Gateway or VSX Cluster (VS0). The applicable Virtual Systems.
5	Install the default VSX policy on the VSX Gateway or VSX Cluster. This policy is called: `<Name of VSX Gateway or VSX Cluster Object>_VSX`
6	Install the Threat Prevention policy: On the VSX Gateway or VSX Cluster (VS0). On the applicable Virtual Systems (and Access Control Policy, if needed).