Azure Datacenter Object - VM, Subnet and VMSS only?

Are there any plans to support importing application services? 
Reviewing: CloudGuard Controller for Microsoft Azure (checkpoint.com)
States that we can import VNETS, subnets, Virtual Machines, or VMSS. My org uses a ton of app services and I was hoping to use this datacenter import in place of updatable objects that include less specific ranges for Azure services in a region.
Thanks
Hi @Sam2 ,
Can you please provide a specific example? It may be possible to improve Updatable Objects to get to the level of specificity you require. In the meantime, have you taken a look at External Network Feeds? That might fit the bill here.
Best Regards!
Jeff
I am looking to import addresses listed in the networking section under a web app/app service in Azure. I cannot share screenshots as they would be specific to my organization.
I can take a look at external network feeds.
Hi @Sam
To import IPs from Azure web apps or app services, you can use the CloudGuard controller with tags applied to the app services. This will allow you to effectively populate the IP addresses.
Please note that we do not currently support importing app services alone natively, which is why the Tag functionality is necessary.
Best Regards,
Dan Morris
Hi Dan, 
I tagged the resources but the new tags are not showing in dashboard when I check the datacenter object. Is there another step I need to take to get the tags to appear? I can see the subscription and the VMs in the resource group I am working on. Just missing the tags on the webapps.
Thanks
As you mentioned, we can import dynamic objects from your Azure account like VMs, Subnets, vNets, tags etc.
You need to follow the admin guide in order to create a DC center object of your Azure subscription and this will allow you to pull these objects and use them in the rules as source or destination.
Reviving this thread as it's come up again for me.
I have a datacenter object with Azure; it is connected using a service principal and working. I can open it up and see all my subscriptions, I can see virtual networks and all the supported Azure resource
As a test I created a new tag called "SamTag". I applied one version of this tag to a VM and another version of this tag to an App service. Refreshing my DC object for Azure and looking in tags, I can only see the tag that was applied to the VM. Is this expected behavior?
Not supported on App service AFAIK.
You can see supported resources here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_CloudGuard_Controller_AdminG...
Hi @Sam2 ,
For the app services that you want to use in the security policy as a data center object, would you like to inspect the traffic only for the public IP?