
Creating Azure Public IP Ranges as destination object

Team,

We would like to create Azure Public IP ranges as a destination object in Checkpoint R80.10 vSEC firewalls.

Microsoft publishes its IP ranges as XML (https://www.microsoft.com/en-us/download/details.aspx?id=41653). Does anyone have an idea on how to import the .xml file into Checkpoint firewalls using the REST API or some other means?

Thanks,

Chandru

6 Replies
Admin

Re: Creating Azure Public IP Ranges as destination object

This is something we are planning to add support for in R80.20.

Meanwhile, you can use the following script to do it: https://community.checkpoint.com/docs/DOC-2023-check-point-code-sample-template

0 Kudos

Re: Creating Azure Public IP Ranges as destination object

Thanks, Dameon, for providing the script.

It was nice meeting you at CPX360. From the Technology Innovation labs, I thought Checkpoint was going to release Office 365 addresses as dynamic objects in R80.20. I wish they would include Azure ranges as well in R80.20.

0 Kudos
Admin

Re: Creating Azure Public IP Ranges as destination object

I believe from past conversations with R&D that support for Azure ranges is also planned. 

lepole
Ivory

Re: Creating Azure Public IP Ranges as destination object

Any news on this? MS is now encouraging everyone not to use the XML but their API: https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

I would love to get those IP ranges and URL lists into my R80.20 management and (most of all) keep them updated.

0 Kudos

Re: Creating Azure Public IP Ranges as destination object

Hi All,

I also have to allow the following wildcard Azure domains through the firewall, but the wildcard would need to resolve to an IP address. Is there a way this can be achieved in R80.20?

*.aadcdn.microsoftonline-p.com
*.aka.ms
*.applicationinsights.io
*.azure.com
*.azure.net
*.azureafd.net
*.azure-api.net
*.azuredatalakestore.net
*.azureedge.net
*.loganalytics.io
*.microsoft.com
*.microsoftonline.com
*.microsoftonline-p.com
*.msauth.net
*.msftauth.net
*.trafficmanager.net
*.visualstudio.com
*.windows.net
*.windows-int.net

Many thanks in advance.

0 Kudos
Tim_Koopman
Nickel

Re: Creating Azure Public IP Ranges as destination object

I have example scripts, which I use in production, doing this with psCheckPoint for Azure, AWS & O365 IPs.

psCheckPoint/Examples/GroupSync at master · tkoopman/psCheckPoint · GitHub
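
Added example, not part of the thread and not taken from psCheckPoint or the linked script: a Python sketch of the import the thread asks about, turning the published XML into Management API `add-network` and `set-group` request bodies and refusing feed contents that would silently widen or empty a rule. The `Region`/`IpRange` XML layout, the object naming scheme, and the `/8` floor are assumptions; logging in and posting the bodies to the management server is left out.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample; the Region/IpRange layout is an assumption about the feed.
SAMPLE_XML = """<AzurePublicIpAddresses>
  <Region Name="europewest">
    <IpRange Subnet="192.0.2.0/24" />
    <IpRange Subnet="198.51.100.128/25" />
  </Region>
</AzurePublicIpAddresses>"""

MIN_PREFIX = 8  # assumption: IPv4 only, and anything broader than /8 is a feed error


def parse_ranges(xml_text):
    """Return {region name: set of validated IPv4 networks}; raise on bad input."""
    regions = {}
    for region in ET.fromstring(xml_text).iter("Region"):
        nets = set()
        for ip_range in region.iter("IpRange"):
            # strict=True rejects entries with host bits set (e.g. 192.0.2.1/24)
            net = ipaddress.ip_network(ip_range.get("Subnet"), strict=True)
            if net.version != 4 or net.prefixlen < MIN_PREFIX:
                raise ValueError(f"refusing suspicious range {net}")
            nets.add(net)
        regions[region.get("Name")] = nets
    return regions


def object_name(net):
    # Hypothetical naming convention for the generated network objects.
    return f"azure_{net.network_address}_{net.prefixlen}"


def plan_sync(group, wanted, current_members):
    """Build (command, payload) pairs that bring `group` in line with `wanted`."""
    if not wanted:
        raise ValueError("empty feed: refusing to empty the group")
    names = {object_name(n): n for n in wanted}
    to_add = sorted(set(names) - set(current_members))
    to_remove = sorted(set(current_members) - set(names))
    calls = [("add-network", {"name": n, "subnet": str(names[n].network_address),
                              "mask-length": names[n].prefixlen}) for n in to_add]
    members = {k: v for k, v in (("add", to_add), ("remove", to_remove)) if v}
    if members:
        calls.append(("set-group", {"name": group, "members": members}))
    return calls
```

Running `plan_sync` on every refresh against the group's current member list keeps the object updated, and the changes still need a publish and policy install before they take effect on the gateways.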