iApp template to integrate F5 BIG-IP with Check Point SandBlast ICAP server

Problem this snippet solves:

This is an iApp template that creates ICAP related elements (nodes, pool, internal virtual server, profiles). The newly created request and response adapt profiles can be used by standard virtual servers so they can interact with a Check Point SandBlast ICAP Server.

How to use this snippet:

How to use the iApp template

• Download the iApp template f5.checkpoint_sandblast_icap.tmpl from the link below. https://github.com/nvansluis/f5.checkpoint_sandblast_icap

• Login to the Configuration Utility and import the iApp: iApps > Templates > Import

• Deploy a new application by using the iApp: iApps > Application Services > Applications > Create

• Click Finished to deploy the iApp. You will see the components that have been configured.

• You can now use the newly created Request and Response Adapt profiles and attach them to a Virtual Server that has been configured with a HTTP profile.

Testing Check Point SandBlast

Below you'll see some screenshots of what happens when a user attempts to upload or download malicous files.

Malicious uploads

• Upload a file that triggers Threat Emulation (Zero-Day Protection).

• The upload of this malicious file is prevented by Check Point SandBlast.

• Here you can see the log message that is created by Check Point.

Malicous downloads

• A user tries to download a malicious file.

• The download of a malicious file is prevented by Check Point SandBlast.

• Below of an example what log message is created by Check Point.

About Check Point SandBlast

For more detailed information about how to configure a Check Point SandBlast ICAP server see:

https://community.checkpoint.com/docs/DOC-3184-f5-big-ip-icap-and-sandblast-tex

Code :

https://github.com/nvansluis/f5.checkpoint_sandblast_icap