Creating Azure Public IP Ranges as destination object
We would like to create Azure Public IP ranges as destination object in Checkpoint R80.10 vSEC firewalls
Microsoft publishes its IP ranges as XML (https://www.microsoft.com/en-us/download/details.aspx?id=41653). Does anyone have an idea on how to import the .xml file into checkpoint firewalls using REST API or some other means
Thanks Dameon for providing the script
It was nice meeting you in CPX360. From Technology Innovation labs, I thought Checkpoint is going to release Office 365 addresses as dynamic objects in R80.20. Wish they include Azure ranges as well in R80.20
Any news on this? MS is now encouraging everyone not to use the XML but their API https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service
I would love to get those IP ranges and URL lists into my R80.20 management and (most of all) keep them updated.
I also have to allow the following wildcard Azure domians through the Firewall, but the wildard would need to resolve to an IP address. Is there a way this can be achieved in R80.20?
Many Thanks in advance
I have this same problem and am looking at this as a possible solution:
This currently supports whitelisting of AWS, Azure, Office365, Zoom, Slack, WebEx, Dropbox, Okta, and Intune (whatever the heck that is). My concern however is it mentions the DNS servers of the Checkpoint gateway should be the same as the endpoints, which implies it's doing real-time DNS lookups rather than downloading/refreshing set databases.