This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chandhrasekar_S
Collaborator
‎2018-02-12 06:42 AM

Creating Azure Public IP Ranges as destination object

Team,

We would like to create Azure Public IP ranges as destination object in Checkpoint R80.10 vSEC firewalls

Microsoft publishes its IP ranges as XML (https://www.microsoft.com/en-us/download/details.aspx?id=41653). Does anyone have an idea on how to import the .xml file into checkpoint firewalls using REST API or some other means

Thanks,

Chandru

7 Replies
PhoneBoy
Admin
Admin
‎2018-02-12 12:59 PM

This is something we are planning to add support for in R80.20

Meanwhile, you can use the following script to do it: https://community.checkpoint.com/docs/DOC-2023-check-point-code-sample-template 

0 Kudos
Chandhrasekar_S
Collaborator
‎2018-02-12 01:08 PM
In response to PhoneBoy

Thanks Dameon for providing the script

It was nice meeting you in CPX360. From Technology Innovation labs, I thought Checkpoint is going to release Office 365 addresses as dynamic objects in R80.20. Wish they include Azure ranges as well in R80.20

0 Kudos
PhoneBoy
Admin
Admin
‎2018-02-12 02:23 PM
In response to Chandhrasekar_S

I believe from past conversations with R&D that support for Azure ranges is also planned. 

lepole
Explorer
‎2019-04-09 08:36 AM
In response to PhoneBoy

Any news on this? MS is now encouraging everyone not to use the XML but their API https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

I would love to get those IP ranges and URL lists into my R80.20 management and (most of all) keep them updated.

0 Kudos
Alan_Camelo1
Contributor
‎2019-12-02 04:32 AM
In response to lepole

Hi All,

I also have to allow the following wildcard Azure domians through the Firewall, but the wildard would need to resolve to an IP address. Is there a way this can be achieved in R80.20?

*.aadcdn.microsoftonline-p.com

*.aka.ms

*.applicationinsights.io

*.azure.com

*.azure.net

*.azureafd.net

*.azure-api.net

*.azuredatalakestore.net

*.azureedge.net

*.loganalytics.io

*.microsoft.com

*.microsoftonline.com

*.microsoftonline-p.com

*.msauth.net

*.msftauth.net

*.trafficmanager.net

*.visualstudio.com

*.windows.net

*.windows-int.net

Many Thanks in advance

 

 

0 Kudos
Tim_Koopman
Contributor
‎2018-02-12 01:39 PM

I have example scripts, which I use in production, doing this with psCheckPoint for Azure, AWS & O365 IPs.

psCheckPoint/Examples/GroupSync at master · tkoopman/psCheckPoint · GitHub 

johnnyringo
Advisor
‎2020-06-02 10:06 AM

I have this same problem and am looking at this as a possible solution:

Updatable Objects in R80.20 and above

This currently supports whitelisting of AWS, Azure, Office365, Zoom, Slack, WebEx, Dropbox, Okta, and Intune (whatever the heck that is).  My concern however is it mentions the DNS servers of the Checkpoint gateway should be the same as the endpoints, which implies it's doing real-time DNS lookups rather than downloading/refreshing set databases.  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events