Hi 各位看官,
在R77版本中的fw policy中的物件若要使用domain object會有DNS反查的問題, 這使得在R77中的fw policy非常不彈性
之前遇到user想開放某幾個網址給內部的防毒主機去做更新, 在R77卻是不好處理.
我這邊參考sk106251以及skI1915做法, 利用nslookup去查詢目的網址IP, 取得結果放到Dynamic Objects, 這樣一來就可以解決上述問題...
作法如下:
1. 建立Dynamic Objects, 如要網址是4.sophosxl.net, 則建立DO_4.sophosxl.net, 若是www.google.com, 則建立DO_www.google.com
2. Run Script , (script動作大致如下)
~nslookup查詢網址IP, 並暫存到Dynamic Objects
~將上述動作寫到/var/log/messages
~建立Job Scheduler
ps.Script內如無須修改參數, 直接執行即可...
執行語法:
./dyno_nslookup.sh 4.sophosxl.net 1 15
4.sophosxl.net>代表要nslookup的網址
1>代表建立Job Scheduler
15>代表每15分鐘nslookup一次
Script內說明:
執行畫面如下, 若在Job Scheduler有設定mail通知, 會將此次與上次的nslookup 結果mail給相關人員
若有個網址請在多建立Dynamic Objects, 並再跑一次script
若要刪除的話, 請刪除物件及Job Scheduler即可...
以上供大家參考...
根據SK,,,,R80應該也適用, 但R80以解決此一問題 
Tue 19 Nov 2024 @ 03:00 PM (CET)
AI Series Part 3: Maximising AI to Drive Growth and Efficiency (EMEA)Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Wed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSTue 19 Nov 2024 @ 03:00 PM (CET)
AI Series Part 3: Maximising AI to Drive Growth and Efficiency (EMEA)Wed 20 Nov 2024 @ 05:00 PM (CET)
Under the Hood: DO NOT Renew your WAF without watching THIS!!Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cybersecurity: What’s New in Check Point’s Quantum Firewall R82Tue 19 Nov 2024 @ 12:00 PM (MST)
Salt Lake City: Infinity External Risk Management and Harmony SaaSWed 20 Nov 2024 @ 02:00 PM (MST)
Denver South: Infinity External Risk Management and Harmony SaaSThu 21 Nov 2024 @ 02:00 PM (MST)
Denver North: Infinity External Risk Management and Harmony SaaSTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management Workshop
