Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chris4Checkmate
Explorer
Jump to solution

Full support for Azure Firewall service tags?

Hi,

we would like to use <Azure Firewall service tags> within our Checkpoint firewalls.

https://learn.microsoft.com/en-us/azure/firewall/service-tags
https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview

In my knowledge the Checkpoint firewalls do not support all of these objects.

Is there any roadmap when Checkpoint will also support these objects (like the Azure built-in product does)? 

Regards,
Chris

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

Within SmartConsole navigate as follows:

Security Policies > Access Control > Policy > Src/Dst column > Add (+) > Import > Updatable Objects ... > Azure Services > Azure Public Services

 

> API Management Public Services:

API Management.png

> Azure Machine Learning Public Services: 

ML.PNG

> Batch Node Management Public Services:

Batch.png

CCSM R77/R80/ELITE

View solution in original post

0 Kudos
9 Replies
_Val_
Admin
Admin

@Shay_Levin  can you please advise?

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Currently these would overlap with our Updatable Objects feature (sk131852) which sources similar information from other Microsoft published lists.

I do see that they provide a programmatic method to query the available service tags which is helpful.

 

@Micky_Michaeli 

 

 

CCSM R77/R80/ELITE
0 Kudos
HadiFrohar
Employee
Employee

Hi @Chris4Checkmate 

We do have full support for Azure Firewall service tags. To be more specific:

Virtual network service tags are under Azure services updatable object, split by region (Germany services are not supported yet and we'll support them soon). Every region object contains the relevant services.

Office365 services are under Office365 updatable object (also split by region)

Best regards,
Hadi

0 Kudos
Chris4Checkmate
Explorer

Hi @HadiFrohar 

can you please explain in detail how to find the Checkpoint objects in SmartConsole? (using R81.10)

I do not find the exact objects like eg. ApiManagement, BatchNodeManagement
or specifically AzureMachineLearning.WestEurope or BatchNodeManagement.WestEurope.

Have you found all the objects listet in the MS artice (and also for regions)?
(https://learn.microsoft.com/en-us/azure/firewall/service-tags

Regards,
Chris

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Within SmartConsole navigate as follows:

Security Policies > Access Control > Policy > Src/Dst column > Add (+) > Import > Updatable Objects ... > Azure Services > Azure Public Services

 

> API Management Public Services:

API Management.png

> Azure Machine Learning Public Services: 

ML.PNG

> Batch Node Management Public Services:

Batch.png

CCSM R77/R80/ELITE
0 Kudos
Chris4Checkmate
Explorer

Hi @Chris_Atkinson 

thanks for the information - I have now also seen that these kind of dynamic objects have to imported into management before they are visible.
We are now testing.
Kind Regards,
Chris

0 Kudos
stevenet_golf
Explorer

Hi Chris,

I've been working on an requirement to have this functionality usable when a client is connected to the gateway via Remote Access. Could you confirm if this is possible?

Cheers,

Steve

0 Kudos
Chris_Atkinson
Employee Employee
Employee

I've not explicitly tested the scenario myself but a likely prerequisite would be that the gateway is controlling internet access for those remote access clients using hub mode configuration. 

CCSM R77/R80/ELITE
0 Kudos
stevenet_golf
Explorer

Now you say so, it makes perfect sense. I was wondering how client route table injection would function.

I'll do some testing...cheers!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.