topic Re: Updateable Objects - Office 365 in Firewall and Security Management

Updateable Objects - Office 365

Networks_Team_B — Mon, 10 Mar 2025 12:14:21 GMT

Hello All,

How accurate are the Update Objects for Microsoft

Can we be sure they cover the URLs listed in the Microsoft Documentation

Do they cover the Allow and Optimise categories?

Many thanks

Re: Updateable Objects - Office 365

masher — Mon, 10 Mar 2025 13:13:24 GMT

Check Point pulls directly from Microsoft for this information. sk131852 has more information including limitations.

https://support.checkpoint.com/results/sk/sk131852

Re: Updateable Objects - Office 365

Henrik_Noerr1 — Mon, 10 Mar 2025 16:43:25 GMT

I will say in general they work well for us - I am sure however that we also in some cases have broad firewall rules somewhere below in the rule base catching any missing IP missed by the Updateable Objects.

Some pitfalls we see, where some are listed directly, and some are implicit demands due to architecture:

- Are your outbound internet firewall using the same dns server as clients? If not, there could be cache/geo issues with lookups.

- Is it even the same firewall, the client and internet firewalls? Updateable Objects often contain wildcard fqdns. This requires DNS passive learning to work. If the firewalls are different there is no way to share Updatable Object information between them. A low key solution is to enable passive learning on both, and hope that your dns servers does not use DoH, DoT, or DNSCrypt. But how is sync between the two firewalls ensured? and how do you measure it? Is FQDN resolved to cache at the same time for the two firewalls?

So in conclusion for clients asking the answer I give is always - It works, (maybe always?). Which is of course not the best answer in the world.

Regards,

Henrik

Re: Updateable Objects - Office 365

the_rock — Mon, 10 Mar 2025 22:29:58 GMT

From all I had seen in R81.20 and R82, they are very accurate.

Andy