https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163257#M721 <P>Note Private Endpoint support for Azure was added with R81.20.</P> <P><A href="https://sc1.checkpoint.com/documents/r81.20/webadminguides/en/cp_r81.20_cloudguard_controller_adminguide/content/topics-cgrdg/what-is-new.htm" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/r81.20/webadminguides/en/cp_r81.20_cloudguard_controller_adminguide/content/topics-cgrdg/what-is-new.htm</A></P> <P>&nbsp;</P> Sat, 26 Nov 2022 22:50:09 GMT Chris_Atkinson 2022-11-26T22:50:09Z https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163091#M720 <P>Hey everyone,</P><P>&nbsp;</P><P>I have configured a datacenter object for Azure (R81.10 HF66 on MDS&nbsp; + GWs).</P><P>&nbsp;</P><P>The datacenter object is retrieving correctly the subscription.</P><P>&nbsp;</P><P>Looking at "Network by Subscriptions, Virtual Networks, subnets", the CIDR for networks are shown in the "Note" field.</P><P>However it seems that when one of these objects is used in a rule, only the discovered IPs ("IP" field) are actually used to populate the firewall rule.&nbsp;<SPAN>This is a problem because the discovery finds VMs but not other type of objects (e.g. private endpoints).</SPAN></P><P>&nbsp;</P><P>Is it possible to use these objects as plain subnets and not as a list of discovered IPs?</P><P>&nbsp;</P><P>Thanks</P> Thu, 24 Nov 2022 16:27:55 GMT https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163091#M720 reloadin5 2022-11-24T16:27:55Z https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163257#M721 <P>Note Private Endpoint support for Azure was added with R81.20.</P> <P><A href="https://sc1.checkpoint.com/documents/r81.20/webadminguides/en/cp_r81.20_cloudguard_controller_adminguide/content/topics-cgrdg/what-is-new.htm" target="_blank" rel="noopener">https://sc1.checkpoint.com/documents/r81.20/webadminguides/en/cp_r81.20_cloudguard_controller_adminguide/content/topics-cgrdg/what-is-new.htm</A></P> <P>&nbsp;</P> Sat, 26 Nov 2022 22:50:09 GMT https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163257#M721 Chris_Atkinson 2022-11-26T22:50:09Z https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163452#M722 <P>Hi Chris,</P><P>thanks for your reply.&nbsp;</P><P>&nbsp;</P><P>Reading <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk176726&amp;partition=Basic&amp;product=CloudGuard" target="_self">here&nbsp;&nbsp;</A>it looks like this should work on R81.10 HF66 (<SPAN>Azure R81.10 – minimum requirements: Jumbo hotfix Take 14)</SPAN></P><P><SPAN>I have added "<SPAN>azure.enableAsgAndPep=true" in&nbsp;$MDSDIR/conf/vsec.conf (both mdsenv global and on the domain that is running cme)&nbsp;</SPAN></SPAN><SPAN>as described <A href="https://community.checkpoint.com/t5/Cloud-Network-Security/CloudGuard-Controller-Support-New-Object-Types/td-p/131743" target="_self">here</A>&nbsp;</SPAN></P><P><SPAN><SPAN>Restarted both vsec and cme, however we still do not see the private endpoint object types.</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN><SPAN>Do you have any advice on how to debug this (to check if this is a permissions issue, maybe)?</SPAN></SPAN></P><P>&nbsp;</P><P>And other than including private endpoint in the discovery, is there any way to just get the CIDR and use it in the firewall rule?</P><P>&nbsp;</P><P><SPAN><SPAN>Thanks</SPAN></SPAN></P> Tue, 29 Nov 2022 07:53:58 GMT https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163452#M722 reloadin5 2022-11-29T07:53:58Z https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163708#M723 <P>If it's not working as expected please take it to TAC for investigation.</P> <P>If you need the CIDR manual objects can be created as a workaround.</P> <P>My assumption being we don't interpret things this way for security reasons so things aren't blindly allowed unexpectedly but I could be mistaken. Having the choice for different behaviour is likely an RFE to be discussed with your local SE.</P> Wed, 30 Nov 2022 13:16:00 GMT https://community.checkpoint.com/t5/Cloud-Firewall/use-CIDR-in-firewall-rules-from-Cloud-datacenter-objects/m-p/163708#M723 Chris_Atkinson 2022-11-30T13:16:00Z