Slip-Rizzo
Participant

The updatable object HTTPS services - optional bypass not found

Hello All,

Environment:  R82 JHF 60 (HOTFIX_R82_JHF_T60_TIME_FIX_655_MAIN Take: 2)

With thanks/appreciation to Updatable Objects (UO), I am auditing HTTPS Inspection rules removing duplicate URLs in legacy/customized entries.

To do this, I look at the composition of an appropriate Updatable Object using domains_tool query.

UOs in particular are HTTPS services recommended and optional (sk163595)

The query for "recommended" works, but "optional" does not.  Let me share my terminal experience.

Recommended - Found/Works:

[Expert@CP1:0]# domains_tool -uo "HTTPS services - recommended bypass"

Domain tool looking for domains for 'HTTPS services - recommended bypass' and its children objects:

Domains name list for 'Adobe Updates - HTTPS bypass':

[1] adobe.com
[2] *.adobetag.com
[3] *.adobe.com

Domains name list for 'Check Point Updates - HTTPS bypass':

[1] avupdates.checkpoint.com
[2] secureupdates.checkpoint.com
[3] updates.checkpoint.com

Domains name list for 'Java Updates - HTTPS bypass':

[1] sjremetrics.java.com
[2] javadl-esd-secure.oracle.com
[3] *.javadl-esd-secure.oracle.com

Domains name list for 'Microsoft Updates - HTTPS bypass':

[1] update.microsoft.com
[2] tsfe.trafficshaping.dsp.mp.microsoft.com
[3] *.vortex-win.data.microsoft.com
[4] *.delivery.mp.microsoft.com
[5] sls.update.microsoft.com
[6] *.update.microsoft.com
[7] settings-win.data.microsoft.com
[8] login.live.com

Domains name list for 'Mozilla Firefox Updates - HTTPS bypass':

[1] download-installer.cdn.mozilla.net

[Expert@CP1:0]#

 

For some reason, I cannot have a similar experience with the "optional" UO version:

Optional UO Not Found:

[Expert@CP1:0]# domains_tool -uo "HTTPS services - optional bypass"
The updatable object HTTPS services - optional bypass not found
[Expert@CP1:0]#

In case I am out of date, ran this utility:

[Expert@CP1:0]# unified_dl UPDATE ONLINE_SERVICES
Entering mainloop
Unified_Download_Update_Now_CB: Activated, opq [UPDATE NOW OPAQUE]
************************************************
Got response : Request was completed successfully
Got Reason:

************************************************
Exiting mainloop

[Expert@CP1:0]#

... and tried again...

[Expert@CP1:0]# domains_tool -uo "HTTPS services - optional bypass"
The updatable object HTTPS services - optional bypass not found
[Expert@CP1:0]#

 

What am I doing wrong?

Thank you for assistance.

2 Solutions

Accepted Solutions
simonemantovani

Dumb question: that object is already used in some access/NAT rule?

 


(1)
the_rock
MVP Diamond

Updatable object needs to be present in the policy for that command to work. I just tested it and came up just fine.

 

[Expert@gw-r82:0]# domains_tool -uo "HTTPS services - optional bypass"

Domain tool looking for domains for 'HTTPS services - optional bypass' and its children objects:

Domains name list for 'AWS Console - HTTPS bypass':

[1] opfcaptcha-prod.s3.amazonaws.com
[2] signin.aws.amazon.com
[3] fls-na.amazon.com
[4] *.console.aws.amazon.com
[5] cdn.assets.as2.amazonaws.com
[6] docs.aws.amazon.com
[7] aws-signin-website-assets.s3.amazonaws.com
[8] Images-na.ssl-images-amazon.com
[9] d1dgtfo2wk29o4.cloudfront.net
[10] *.signin.aws.amazon.com

Domains name list for 'BitDefender - HTTPS bypass':

[1] nimbus.bitdefender.net
[2] upgrade.bitdefender.com
[3] login.bitdefender.net
[4] push.bitdefender.net
[5] login.bitdefender.com
[6] download.bitdefender.com
[7] *.cdn.bitdefender.net

Domains name list for 'Dashlane - HTTPS bypass':

[1] *.dashlane.com
[2] dashlane.com

Domains name list for 'Dropbox - HTTPS bypass':

[1] mmp.getdropbox.com
[2] *.previews.dropboxusercontent.com
[3] *.dropbox.com
[4] *.dropboxapi.com

Domains name list for 'Facebook - HTTPS bypass':

[1] *.facebook.com

Domains name list for 'Finch VPN - HTTPS bypass':

[1] www.finchvpn.com
[2] amber.finchapi.com

Domains name list for 'Google - HTTPS bypass':

[1] fcmtoken.googleapis.com
[2] cryptauthenrollment.googleapis.com
[3] *.gvt1.com
[4] *.gstatic.com
[5] device-provisioning.googleapis.com
[6] firebaseperusertopics-pa.googleapis.com
[7] digitalassetlinks.googleapis.com
[8] android.clients.google.com
[9] alt2-mtalk.google.com
[10] play-lh.googleusercontent.com
[11] lh3.googleusercontent.com
[12] accounts.google.com
[13] semanticlocation-pa.googleapis.com
[14] www.google.com
[15] android.googleapis.com
[16] play.googleapis.com
[17] fcmconnection.googleapis.com

Domains name list for 'LogMeIn - HTTPS bypass':

[1] *.getgocdn.com
[2] *.getgo.com
[3] *.gotoassist.at
[4] *.gotomeeting.com
[5] *.gotoassist.com
[6] *.logmein.com
[7] *.gotostage.com
[8] *.logmeinrescue.com
[9] *.cdngetgo.com
[10] *.gotowebinar.com
[11] *.go2assist.me
[12] *.gototraining.com
[13] *.logmeininc.com
[14] *.helpme.net
[15] logmein.com
[16] *.joingotomeeting.com
[17] *.joinwebinar.com
[18] *.getgoservices.net
[19] *.gotomeet.at
[20] *.gotomypc.com
[21] gotomeet.me
[22] *.gotomeet.me
[23] *.jointraining.com
[24] *.expertcity.com
[25] *.gotoassist.me
[26] accounts.logme.in
[27] *.gofastchat.com
[28] *.accounts.logme.in
[29] *.goto-rtc.com
[30] *.getgoservices.com

Domains name list for 'Skype for Business (Lync) - HTTPS bypass':

[1] *.lync.com
[2] lync.com

Domains name list for 'MyQuickCloud - HTTPS bypass':

[1] *.myquickcloud.com

Domains name list for 'OneDrive - HTTPS bypass':

[1] *.data.microsoft.com
[2] odc.officeapps.live.com
[3] *.svc.ms
[4] fpt.live.com
[5] cdn.onenote.net
[6] cdn.funcaptcha.com
[7] *.pipe.aria.microsoft.com
[8] *.onedrive.com
[9] skyapi.live.net
[10] skyapi.policies.live.net
[11] signup.live.com
[12] login.live.com
[13] *.msauth.net

Domains name list for 'Elster.de - HTTPS bypass':

[1] datenannahme9.elster.de
[2] datenannahme8.elster.de
[3] *.elster.de
[4] datenannahme2.elster.de
[5] datenannahme1.elster.de
[6] datenannahme5.elster.de
[7] datenannahme.elster.de
[8] datenannahme3.elster.de
[9] datenannahme7.elster.de
[10] datenannahme0.elster.de
[11] datenannahme6.elster.de
[12] datenannahme4.elster.de

Best,
Andy
"Have a great day and if its not, change it"


7 Replies
the_rock
MVP Diamond

Is that 100% the right name though?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Slip-Rizzo
Participant

Great question/suggestion. I believe so. Just like the "recommended" UO, this is what I referenced:

[Image: HTTPS services - optional bypass.jpg]

FWIW, I copy/paste the name in my commands to minimize a snafu on my part.  Any other ideas?  Thank you!

0 Kudos
simonemantovani

Dumb question: that object is already used in some access/NAT rule?

 

(1)
Slip-Rizzo
Participant

No - the object was not already used.  You were on the right track, thank you!

the_rock
MVP Diamond

Updatable object needs to be present in the policy for that command to work. I just tested it and came up just fine.

 

Best,
Andy
"Have a great day and if its not, change it"
Slip-Rizzo
Participant

Bingo - thank you very much @simonemantovani  @the_rock 

 

the_rock
MVP Diamond

Ok, great!

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
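
The audit described in the original post (finding legacy bypass entries that an Updatable Object already covers), as an added example that is not part of the thread or of Check Point's tooling. It parses the `domains_tool -uo` output format shown above; the function names, the sample legacy entries and the wildcard rule (`*.example.com` covers subdomains only) are assumptions.

```shell
# Added example; sample data is constructed from the output format in this thread.

# Read domains_tool output on stdin, print each listed domain once (lowercased).
# Exit status 2 if the tool reported the Updatable Object as not found.
uo_domains() {
    awk '
        /^The updatable object .* not found$/ { missing = 1 }
        /^\[[0-9]+\] / { d = tolower($2); if (!seen[d]++) print d }
        END { exit (missing ? 2 : 0) }
    '
}

# Read UO patterns on stdin; print the first one that covers host $1.
# Assumption: "*.example.com" covers subdomains but not example.com itself.
covered_by() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r pat; do
        case "$host" in
            $pat) printf '%s\n' "$pat"; return 0 ;;
        esac
    done
    return 1
}

# audit_legacy "<domains_tool output>" < legacy_entries: DUPLICATE or KEEP per entry.
audit_legacy() {
    pats=$(printf '%s\n' "$1" | uo_domains) || {
        echo "UO not found: it must be referenced in the policy first" >&2
        return 2
    }
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if hit=$(printf '%s\n' "$pats" | covered_by "$entry"); then
            printf 'DUPLICATE %s (%s)\n' "$entry" "$hit"
        else
            printf 'KEEP %s\n' "$entry"
        fi
    done
}

SAMPLE_UO="Domains name list for 'Adobe Updates - HTTPS bypass':
[1] adobe.com
[2] *.adobetag.com
[3] *.adobe.com"
SAMPLE_LEGACY="cdn.adobe.com
ADOBE.com
adobetag.com
intranet.example.com"
printf '%s\n' "$SAMPLE_LEGACY" | audit_legacy "$SAMPLE_UO"
```

On a gateway, pass the live output instead of the sample, for instance `audit_legacy "$(domains_tool -uo 'HTTPS services - recommended bypass')" < legacy.txt`, assuming the tool writes its listing to standard output and `legacy.txt` (a hypothetical file) holds one legacy entry per line.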
