Solved: Re: Can we create custom updatable objects in R80....

Blason_R · ‎2019-03-18

Hi folks,

I guess the fantastic thing about CheckPoint what I like is auto-updatable objects. Further to that, I guess we can create our own customized auto-updatable objects [not sure though]

Can someone please confirm? I did not find much information either, nor any SK written about those hence wondering if a community can help here?

Thanks and Regards,

Blason R

Stuart_Green1 · ‎2019-03-20

Here you are - it's written to pull in the O365 IP addresses from Microsoft and update a group in the policy.

https://github.com/sg84/cp_dynamic_objects/blob/master/o365updater.py

View solution in original post

Black_Cyborg · ‎2019-03-20

Use this script and adapt it:

- GEO Location Objects in Firewall Policy (with Dynamic Objects)

View solution in original post

Jerry · ‎2019-03-19

https://community.checkpoint.com/t5/How-To-Videos/R80-20-Identity-Tags-and-Updatable-Objects/m-p/463...

Jerry

Blason_R · ‎2019-03-19

Yep, I agree, but wanted to know if I can create my own Updatable objects? Like I am maintaining IP addresses in the URL https://test.example.com/ip.list. So can I create my own updatable object to pull IP address list from this URL and use in rule base?

Thanks and Regards,

Blason R

PhoneBoy · ‎2019-03-19

Custom updatable objects that operate like the ones we added in r80.20 are planned for future releases.

Blason_R · ‎2019-03-20

Thanks for the reply...

Stuart_Green1 · ‎2019-03-20

I've got some Python code that might be useful - it's for a demo on how to use the R80.x API to retrieve external content, do a little processing and then feed that into the policy via API calls. Once I find somewhere to host it I'll post the link.

Stuart_Green1 · ‎2019-03-20

Here you are - it's written to pull in the O365 IP addresses from Microsoft and update a group in the policy.

https://github.com/sg84/cp_dynamic_objects/blob/master/o365updater.py

Blason_R · ‎2019-03-20

That's awesome buddy!! Thanks a ton. Let me have a look at it.

David_Klein · ‎2020-05-27

Have any updates to the Custom Updatable Objects functionality been updated in R80.40? Any documentation maybe?

PhoneBoy · ‎2020-05-27

Planned for R81.

Black_Cyborg · ‎2019-03-20

Use this script and adapt it:

- GEO Location Objects in Firewall Policy (with Dynamic Objects)

genisis__ · ‎2020-12-04

Do we know if Checkpoint are going to create an updatable object for there own services for updates. In this way we could have a firewall rule allowing the GW itself to go out to the Checkpoint Cloud for http/https connection. This would then cover all services such as all the TP blade updates.

PhoneBoy · ‎2020-12-04

We have what is required explicitly listed in sk83520, though I imagine some of it could be made into Updatable Objects.

Thomas_Eichelbu · ‎2021-03-04

Hello Guys,

i bet the solution you are looking for is here:
"Generic Data Center feature" sk167210

The Generic Data Center feature provides the ability to enforce access to/from IP addresses defined in JSON files located in external web servers or locally on the Security Management machine. The Generic Data Center objects are updated automatically on the Security Gateway each time the JSON file change. There is no need to install policy for the updates to take effect. Objects created based on these files can be used as a source, or a destination in the following policies: Access Control policy, NAT policy, Threat Prevention policy, HTTPS Inspection policy.

best regards
Thomas

Can we create custom updatable objects in R80.20

extract all the zero hit count policies and add a ...

Issues with ThreatExtraction via API to ThreatClou...

vsx stat -l in json format

Removing a Protocol from a Service Object?

Web API issue

Are you a member of CheckMates?