This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Finner1976
Participant
‎2023-01-10 07:25 AM
Jump to solution

Generic Data Center / IP addresses JSON

Working on Checkpoint Appliances R81.10
OS Gaia

 

I need to create a security rule that will permit  from a source (frequently changing CIDR block) to an internal host on 443

For example:

source(https://ip-ranges.atlassian.com] destinaion (static nat ip > internal host] on port 443

The challenge I am trying to overcome is the src ip's will change frequently. Looking at the documentation there looks to be a feature that supports this 

Generic Data Center feature (checkpoint.com)

However when I create the object I get an error when importing it to the rule. All it says failed to import and check the logs.

 

Is there any other way to achieve this without having to manually check when the source json changes?

0 Kudos
3 Solutions

Accepted Solutions
Micky_Michaeli
Employee
Employee
‎2023-01-10 10:49 AM
In response to PhoneBoy
Jump to solution

Hi @PhoneBoy , @Finner1976 

This is exactly the reason we created Network Feed in R81.20, to provide customers the ability to use JSON feeds (or lists) in their policy easily.

My recommendation is to upgrade to R81.20 and use the Network Feed option.

Thanks.

View solution in original post

0 Kudos
(1)
Sorin_Gogean
Advisor
‎2023-01-10 11:15 AM
Jump to solution

Hello Finner1976,

We have created GDC objects based on JSON files, and as long as the JSON is valid and it respects the format required, you should be good.

One thing I had noticed, is that if we were to combine IPV4 with IPV6, it would fail loading and give an error, so can you look into that.

As I looked to the file from Atlassian, its an JSON but the format is not good for importing into Checkpoint GDC. So, can you share the process/script you're using to convert the data to JSON, or you didn't convert it .

Thank you,

View solution in original post

0 Kudos
(1)
PhoneBoy
Admin
Admin
‎2023-01-13 09:23 AM
In response to PhoneBoy
Jump to solution

To assist in creating a properly formatted JSON file, you can use the following command to get all the IP ranges (in CIDR format) from the website:

curl https://ip-ranges.atlassian.com | jq '.items[].cidr' 

This can be part of a script that periodically generates a properly structured JSON file that will be acceptable by the Generic Datacenter feature. 
Or you can likely use '.items[].cidr' as the filter when configuring the website as part of the Network Feeds feature in R81.20.

View solution in original post

0 Kudos
(1)
4 Replies
PhoneBoy
Admin
Admin
‎2023-01-10 10:09 AM
Jump to solution

Generic Datacenter Objects use the CloudGuard Controller infrastructure.
This implies:

  • The management server can reach the server hosting the JSON file (assuming you didn't specify a local file)
  • You should see errors in $FWDIR/log/cloud_proxy.elg

The specified JSON file (be it by URL or local file) must be in the format specified in sk167210.
If you're using the contents of https://ip-ranges.atlassian.com "as-is" it won't work.

Which leaves you with a couple of options:

  • Convert this JSON file into a supported format (either an appropriately constructed JSON file or maybe a CSV to use with ioc_feeds, see sk132193).
  • Upgrade to R81.20 and use the Network Feed option, which will require creating a jq query to pull out the data we care about from the JSON file.

Having said that, given this vendor provides information in a structured format, it seems like a nice candidate for an Updatable Object.
Tagging @Micky_Michaeli 
If we end up making this an Updatable Object, you'll be able to import it into your Access Policy.

0 Kudos
Micky_Michaeli
Employee
Employee
‎2023-01-10 10:49 AM
In response to PhoneBoy
Jump to solution

Hi @PhoneBoy , @Finner1976 

This is exactly the reason we created Network Feed in R81.20, to provide customers the ability to use JSON feeds (or lists) in their policy easily.

My recommendation is to upgrade to R81.20 and use the Network Feed option.

Thanks.

0 Kudos
(1)
PhoneBoy
Admin
Admin
‎2023-01-13 09:23 AM
In response to PhoneBoy
Jump to solution

To assist in creating a properly formatted JSON file, you can use the following command to get all the IP ranges (in CIDR format) from the website:

curl https://ip-ranges.atlassian.com | jq '.items[].cidr' 

This can be part of a script that periodically generates a properly structured JSON file that will be acceptable by the Generic Datacenter feature. 
Or you can likely use '.items[].cidr' as the filter when configuring the website as part of the Network Feeds feature in R81.20.

0 Kudos
(1)
Sorin_Gogean
Advisor
‎2023-01-10 11:15 AM
Jump to solution

Hello Finner1976,

We have created GDC objects based on JSON files, and as long as the JSON is valid and it respects the format required, you should be good.

One thing I had noticed, is that if we were to combine IPV4 with IPV6, it would fail loading and give an error, so can you look into that.

As I looked to the file from Atlassian, its an JSON but the format is not good for importing into Checkpoint GDC. So, can you share the process/script you're using to convert the data to JSON, or you didn't convert it .

Thank you,

0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events