- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
I need to create an object network for the list of ranges
Is there an easy way to create this list ? My firewall version is R77.30
You can use the Check Point Management API's to accomplish this.
I have updated some scripts that accomplish this HERE. They are written in Python and will create the Network objects for the AWS public IP nets.
You can find Powershell functions here as well - I have worked on one of those as well but am still refining the code.
Hope this helps !
His firewall version is R77.30, so there's no API's.
The most easy way that I can think of is by using Confwiz or sometimes called CPConfWiz.
Simply create a test ip range, export your SmartCenter (SMC) config via Confwiz, mind the XML syntax for your test ip range, open the https://ip-ranges.amazonaws.com/ip-ranges.json in your preferred text editor, adjust the syntax via Search&Replace to match the required XML syntax, import the XML containing all your required ranges back into your SMC via Confwiz.
Note: The Confwiz tool was recently changed to be available for Check Point internal staff only. Therefore create a service request or ask your Check Point support partner.. or google it.
His management is R80.10. and the API works on management not on the Gateway.
Policy then on push sends to R77.30 Gateway the objects and policy formatted for R77.30.
Best to have as recent Jumbo as possible.
CB Currier
I understand he opened his request in this R80.10 Management Thread. I was just under the Impression that he is using R77.30 on his Management as well, because he wrote that his firewall version (Gateway + Management) is R77.30. There is no R77.30 Management Thread here where he could have posted his question otherwise.
Rather than make assumptions, let's ask Paulo Aun what version of management he's using.
The mechanics of the answer are different for R77.30 and R80.10 management, but it boils down to: write a script that parses the .json from Amazon and outputs commands either to dbedit (R77.30) or the API (R80.10).
dbedit is documented here: Command Line Interface R77
Confwiz is another way to achieve the same result.
There are several example scripts for R80.x in the Developers (Code Hub) section.
For R80 I was able to cook a test PowerShell script:
#
# Download Amazon network Details
#
# (C) 2017, Hugo van der Kooij
#
# Don't forget to run `Install-Module psCheckPoint` (as administrator) once!
#
# WARNING: This script may put a significant load on your SmartCenter!
## Import Modules
Write-Host " *** Loading Modules *** "
Import-Module psCheckPoint# Download Amazon AWS IP Ranges into Object
$AmazonAWSURI = "https://ip-ranges.amazonaws.com/ip-ranges.json"
$AmazonAWS = Invoke-WebRequest -Uri $AmazonAWSURI -DisableKeepAlive | ConvertFrom-JSON
$SyncToken = $AmazonAWS.syncToken
$CreateDate = $AmazonAWS.createDate
$Marker = "syncToken = $SyncToken; createDate = $CreateDate"$Comments = "Amazon AWS - $Marker"
# Ignore Certificate Block on self-sign certificate
Write-Verbose " *** Ignore Private Certificates *** "
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $True }# Login to Check Point API to get Session ID
Write-Verbose " *** Log in to Check Point Smart Center API *** "
$Session = Open-CheckPointSessionWrite-Verbose "New-CheckPointGroup -Session $Session -Name Amazon_AWS -Tag AmazonAWS -Color Orange -Comments $Comments"
New-CheckPointGroup -Session $Session -Name Amazon_AWS -Tag AmazonAWS -Color Orange -Comments "$Comments" -DetailsLevel "None"$Services = ($AmazonAWS.prefixes.service + $AmazonAWS.ipv6_prefixes.service) | Get-Unique
ForEach ($Service in $Services) {
$GroupName = "Amazon_AWS_Service_$Service"
Write-Host "New-CheckPointGroup -Session $Session -Name $GroupName -Tag AmazonAWS,$Service -Color Orange -Comments $Comments"
New-CheckPointGroup -Session $Session -Name $GroupName -Tag AmazonAWS,$Service -Color "Orange" -Comments "$Comments"
}$Regions = ($AmazonAWS.prefixes.region + $AmazonAWS.ipv6_prefixes.region) | Sort | Get-Unique
ForEach ($Region in $Regions) {
$GroupName = "Amazon_AWS_Region_$Region"
Write-Host "New-CheckPointGroup -Session $Session -Name $GroupName -Tag AmazonAWS,$Region -Color Orange -Comments $Comments"
New-CheckPointGroup -Session $Session -Name $GroupName -Tag AmazonAWS,$Region -Color "Orange" -Comments "$Comments"
}foreach($Prefix in $AmazonAWS.prefixes) {
$Network = $Prefix.ip_prefix.Split("/")[0]
$NetworkMaskLength = $Prefix.ip_prefix.Split("/")[1]
$Region = $Prefix.region
$RegionGroup = "Amazon_AWS_Region_$Region"
$Service = $Prefix.service
$ServiceGroup = "Amazon_AWS_Service_$Service"
$Name = "Amazon_AWS_$Network/$NetworkMasklength"
Write-Host "New-CheckPointNetwork -Session $Session -Name $Name -Subnet4 $Network -MaskLength4 $NetworkMaskLength -Color Orange -Groups Amazon_AWS,$ServiceGroup,$RegionGroup -Tags AmazonAWS,$Service,$Region -Comments $Comments"
New-CheckPointNetwork -Session $Session -Name $Name -Subnet4 $Network -MaskLength4 $NetworkMaskLength -Color Orange -Groups "Amazon_AWS",$ServiceGroup,$RegionGroup -Tags AmazonAWS,$Service,$Region -Comments "$Comments"
}foreach($Prefix in $AmazonAWS.ipv6_prefixes) {
$Network = $Prefix.ipv6_prefix.Split("/")[0]
$NetworkMaskLength = $Prefix.ipv6_prefix.Split("/")[1]
$Region = $Prefix.region
$RegionGroup = "Amazon_AWS_Region_$Region"
$Service = $Prefix.service
$ServiceGroup = "Amazon_AWS_Service_$Service"
Write-Verbose "$Network/$NetworkMask | $Region | $Service"
$Name = "Amazon_AWS_$Network/$NetworkMasklength"
Write-Host "New-CheckPointNetwork -Session $Session -Name $Name -Subnet6 $Network -MaskLength6 $NetworkMaskLength -Color Orange -Groups Amazon_AWS,$ServiceGroup,$RegionGroup -Tags AmazonAWS,$Service,$Region -Comments $Comments"
New-CheckPointNetwork -Session $Session -Name $Name -Subnet6 $Network -MaskLength6 $NetworkMaskLength -Color Orange -Groups "Amazon_AWS",$ServiceGroup,$RegionGroup -Tags AmazonAWS,$Service,$Region -Comments "$Comments"
}
# Publish Changes
Write-Verbose " *** Publish Session changes *** "
Publish-CheckPointSession -Session $Session
Reset-CheckPointSession -Session $Session# Logout from Check Point API
Write-Verbose " *** Logout Session *** "
Close-CheckPointSession -Session $Session# Ignore Certificate Block on self-sign certificate no longer
Write-Verbose " *** Ignore Private Certificates no longer *** "
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $False }# Remove Modules
Write-Verbose " *** Remove Modules *** "
Remove-Module psCheckPoint# DONE!
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 20 | |
| 8 | |
| 6 | |
| 6 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 2 |
Thu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealThu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASETue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeThu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY