Creating Azure Public IP Ranges as destination object
Team,
We would like to create Azure Public IP ranges as a destination object in Checkpoint R80.10 vSEC firewalls.
Microsoft publishes its IP ranges as XML (https://www.microsoft.com/en-us/download/details.aspx?id=41653). Does anyone have an idea on how to import the .xml file into Checkpoint firewalls using REST API or some other means?
Thanks,
Chandru
This is something we are planning to add support for in R80.20.
Meanwhile, you can use the following script to do it: https://community.checkpoint.com/docs/DOC-2023-check-point-code-sample-template
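
An added example, not part of the thread and not the script linked above: one way to turn the Azure public IP XML into Management API requests while rejecting malformed, private, or overly broad ranges before they reach policy. The sample XML is constructed in the file's Region/IpRange layout, and the object naming scheme, the `MIN_PREFIX` threshold, the IPv4-only handling and the function names are assumptions; `add-network` and `add-group` are Check Point Management API commands.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the Region/IpRange layout of the Azure XML (not real data).
SAMPLE_XML = """<AzurePublicIpAddresses>
  <Region Name="europewest">
    <IpRange Subnet="203.0.113.0/24" />
    <IpRange Subnet="198.51.100.64/26" />
    <IpRange Subnet="10.1.0.0/16" />
    <IpRange Subnet="0.0.0.0/0" />
    <IpRange Subnet="198.51.100.1/26" />
  </Region>
</AzurePublicIpAddresses>"""

MIN_PREFIX = 8  # assumption: anything broader than /8 is treated as a feed error
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ranges(xml_text):
    """Return ({region: [IPv4Network]}, [rejected Subnet strings])."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in this file")
    accepted, rejected = {}, []
    for region in ET.fromstring(xml_text).iter("Region"):
        nets = accepted.setdefault(region.get("Name", "unknown"), [])
        for item in region.iter("IpRange"):
            raw = item.get("Subnet", "")
            try:
                net = ipaddress.IPv4Network(raw, strict=True)  # host bits must be 0
            except ValueError:
                rejected.append(raw)
                continue
            if net.prefixlen < MIN_PREFIX or any(net.overlaps(p) for p in RFC1918):
                rejected.append(raw)  # never widen policy to 0.0.0.0/0 or internal space
            else:
                nets.append(net)
    return accepted, rejected


def build_api_calls(accepted, prefix="azure"):
    """Return (command, payload) pairs: one add-network per range, one add-group per region."""
    calls = []
    for region, nets in sorted(accepted.items()):
        names = [f"{prefix}_{region}_{n.network_address}_{n.prefixlen}" for n in nets]
        for name, net in zip(names, nets):
            calls.append(("add-network", {"name": name,
                          "subnet": str(net.network_address), "mask-length": net.prefixlen}))
        calls.append(("add-group", {"name": f"{prefix}_{region}", "members": names}))
    return calls
```

Each pair corresponds to one Management API request made inside a logged-in session that ends with `publish`; the rejected list is worth logging and alerting on rather than discarding.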
Thanks Dameon for providing the script.
It was nice meeting you in CPX360. From Technology Innovation labs, I thought Checkpoint is going to release Office 365 addresses as dynamic objects in R80.20. Wish they include Azure ranges as well in R80.20.
I believe from past conversations with R&D that support for Azure ranges is also planned.
Any news on this? MS is now encouraging everyone not to use the XML but their API https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service
I would love to get those IP ranges and URL lists into my R80.20 management and (most of all) keep them updated.
Hi All,
I also have to allow the following wildcard Azure domains through the Firewall, but the wildcard would need to resolve to an IP address. Is there a way this can be achieved in R80.20?
*.aadcdn.microsoftonline-p.com
*.aka.ms
*.applicationinsights.io
*.azure.com
*.azure.net
*.azureafd.net
*.azure-api.net
*.azuredatalakestore.net
*.azureedge.net
*.loganalytics.io
*.microsoft.com
*.microsoftonline.com
*.microsoftonline-p.com
*.msauth.net
*.msftauth.net
*.trafficmanager.net
*.visualstudio.com
*.windows.net
*.windows-int.net
Many Thanks in advance
I have example scripts, which I use in production, doing this with psCheckPoint for Azure, AWS & O365 IPs.
psCheckPoint/Examples/GroupSync at master · tkoopman/psCheckPoint · GitHub
I have this same problem and am looking at this as a possible solution:
Updatable Objects in R80.20 and above
This currently supports whitelisting of AWS, Azure, Office365, Zoom, Slack, WebEx, Dropbox, Okta, and Intune (whatever the heck that is). My concern however is it mentions the DNS servers of the Checkpoint gateway should be the same as the endpoints, which implies it's doing real-time DNS lookups rather than downloading/refreshing set databases.