Thanks @PhoneBoy . Do you happen to know if there are any listed blade requirements? Do not see anything listed in SK167210 

No specific requirements that I'm aware of.

Thanks.

Can we add URLs as well in the Generic Data Center objects ? 

Like I get a list of 200 URLs from the infosec team which I need to block. I'll have to first get the IP addresses of all the URLs and then create the list and update. 

Is there other way to do this ? 

I dont think you can. For URLs, you can have excel csv file with the list, then import it into custom urlf object.

Andy

Got to know that we can use Network feeds which are supported in R81.20. 

The feed can contain IP addresses (single or ranges), domains, or both.

For example:

• Single IP (1.1.1.1)

• Range (1.1.1.1-2.2.2.2)

• IP + masklen (1.1.1.1/24)

• FQDN domain (google.com)

• Non-FQDN domain (*.google.com)

Right, but you cant add fqdn manually into it.

Andy

Hi @the_rock 

quite didn't get you :  "can't add fqdn manually into it" - Do you mean custom fqdn(madeup) ? 

In the SK it shows we can add domains into the file. 

I meant you cant add custom right in the object itself. You can to a file, as long as format is right.

Andy

Also, worth mentioning on top of what @PhoneBoy said, for network feeds, you can NOT use path on mgmt server, like you can for generic data center object, but as he said, data center objects dont support urls, ONLY IP addresses.

Andy

By the way @_khard, below is what I was referring to.

Andy

Upgrade to R81.20 and use Network Feed objects, which support this.
Generic DataCenter objects only support IPs.

The proper way to do Geo Policy from R80.20 is actually to use Updatable Objects in the Access Policy.
This is far more flexible than the traditional Geo Policy.
We hide the Geo Policy by default in R81+ if you haven't configured any rules and can 'unhide' it if you prefer.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

Man, you are the best! You are always there for an answer, no matter what the question is : ). Reminds me of good old Pierre Lamy (Im positive you know who Im talking about ; )

Andy

I'm very familiar with him 🙂

As long as we are requesting new updatable objects...how about an updatable object for Check Point services (e.g. updates.checkpoint.com, cws.checkpoint.com). We rely heavily on geo-blocking, and would prefer to only allow our gateways and management to talk only to Check Point URLs, instead all of Israel (we currently block Asia, and have exception for Israel for our gateways/management).

Dave

I agree 100%. It would also be awesome if countries could be put in a network group, because some geo rules look like "hot mess" if you have 20 countries in there.

Andy

I totally agree, and mentioned the exact same thing.  It seems a little short sighted of Checkpoint not to include its own cloud services as an updateable object, come on Checkpoint make it happen.  I can't believe it will take  much effort to do it.

Yea well, tell that to someone in R&D ; )

I guess we are, R&D are on this forum and should be listening to what I hope is taken as a constructive improvement suggestion.  

Lets see...based on previous experience, I am 99.999% sure it wont happen any time soon...but, lets hope Im wrong : )

I did speak to a couple of Check Point persons at last year's CPX about this very request (can't remember exactly who off the top of my head, but they were in the group that would handle this particular feature), and when I asked for an updatable object for Check Point services, they both got a look on their face like "why didn't we think of that?"

Dave

Right now the actual encryption domain can't really change "on the fly" as those objects can and do.
We do have a script that can assist with this (at least for Office 365) which I imagine could also be adapted for Zoom usage as well.

Would this script be publically available? 🙂

(kind-of hijacking Jordan's thread, but the assumed IP list scraping might by a common base for both purposes)

Steffen