Full support for Azure Firewall service tags?
Hi,
we would like to use Azure Firewall service tags within our Check Point firewalls.
https://learn.microsoft.com/en-us/azure/firewall/service-tags
https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview
To my knowledge the Check Point firewalls do not support all of these objects.
Is there any roadmap when Checkpoint will also support these objects (like the Azure built-in product does)?
Regards,
Chris
Accepted Solutions
Within SmartConsole navigate as follows:
Security Policies > Access Control > Policy > Src/Dst column > Add (+) > Import > Updatable Objects ... > Azure Services > Azure Public Services
> API Management Public Services:
> Azure Machine Learning Public Services:
> Batch Node Management Public Services:
@Shay_Levin can you please advise?
Currently these would overlap with our Updatable Objects feature (sk131852) which sources similar information from other Microsoft published lists.
I do see that they provide a programmatic method to query the available service tags which is helpful.
We do have full support for Azure Firewall service tags. To be more specific:
Virtual network service tags are under Azure services updatable object, split by region (Germany services are not supported yet and we'll support them soon). Every region object contains the relevant services.
Office365 services are under Office365 updatable object (also split by region)
Best regards,
Hadi
Hi @HadiFrohar
can you please explain in detail how to find the Check Point objects in SmartConsole? (using R81.10)
I do not find the exact objects like e.g. ApiManagement, BatchNodeManagement
or specifically AzureMachineLearning.WestEurope or BatchNodeManagement.WestEurope.
Have you found all the objects listed in the MS article (and also for regions)?
(https://learn.microsoft.com/en-us/azure/firewall/service-tags)
Regards,
Chris
Hi @Chris_Atkinson
thanks for the information - I have now also seen that these kinds of dynamic objects have to be imported into management before they are visible.
We are now testing.
Kind Regards,
Chris
Hi Chris,
I've been working on a requirement to have this functionality usable when a client is connected to the gateway via Remote Access. Could you confirm if this is possible?
Cheers,
Steve
I've not explicitly tested the scenario myself but a likely prerequisite would be that the gateway is controlling internet access for those remote access clients using hub mode configuration.
Now you say so, it makes perfect sense. I was wondering how client route table injection would function.
I'll do some testing...cheers!