cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Dynamic Global Objects no longer supported?

Jump to solution

Gents, We are setting up a R80.10 MDS, in R77.30 we are using dynamic global objects to be able to use an per domain editable group, in the global rules.

While you create an dynamic object with a name ending in _global in the global object list, in the domain you create a group with the exact same name and in there you ie put all GW objects for that domain. This way you create management and other rule in the Global rulebase that you do not need to repeat over the amount of domains you have, 150+ in our case.

When I try to use this in R80.10 it complains the object already exists....

Last time I asked I was told this would return in R80.10, but that was a while back, is it indeed still not there or is it just changed?

Regards, Maarten
1 Solution

Accepted Solutions

Re: Dynamic Global Objects no longer supported?

Jump to solution

Hi,

Dynamic Global Objects are supported with R80.10. User experienced is changed.

Instead of solely relying on the _global suffix, there is a new network object of type "Dynamic Global Network Object".

R7x:

1. Login to Global Domain

2. Create a dynamic object with name that ends with _global, save.

3. Login to the Domain

4. Create a network object with the same name, save.

5. Assign (or re-assign) global policy.

R80.10 and above:

1. Login to Global Domain

2. Create a Dynamic Global Network Object. Name must end with _global, and if not, you will not be able to OK the dialog (or complete the API call). Publish.

3. Login to the Domain

4. Create a network object with the same name. Publish.

5. Assign (or re-assign) global policy.

During upgrade, your Dynamic Objects with the _global suffix which existed in the Global Domain will be converted automatically.

0 Kudos
4 Replies

Re: Dynamic Global Objects no longer supported?

Jump to solution

Hi,

Dynamic Global Objects are supported with R80.10. User experienced is changed.

Instead of solely relying on the _global suffix, there is a new network object of type "Dynamic Global Network Object".

R7x:

1. Login to Global Domain

2. Create a dynamic object with name that ends with _global, save.

3. Login to the Domain

4. Create a network object with the same name, save.

5. Assign (or re-assign) global policy.

R80.10 and above:

1. Login to Global Domain

2. Create a Dynamic Global Network Object. Name must end with _global, and if not, you will not be able to OK the dialog (or complete the API call). Publish.

3. Login to the Domain

4. Create a network object with the same name. Publish.

5. Assign (or re-assign) global policy.

During upgrade, your Dynamic Objects with the _global suffix which existed in the Global Domain will be converted automatically.

0 Kudos

Re: Dynamic Global Objects no longer supported?

Jump to solution

Thanks Tomer, that did the trick.

Regards, Maarten
0 Kudos

Re: Dynamic Global Objects no longer supported?

Jump to solution

Great reply!

Do you by any chance know if objects used for communicating with public and private clouds, can be defined as Global objects?
I can create a Datacenter Server object and connect to e.g. Azure, but can I define such an object as a Global object and use this within all domains? 

0 Kudos

Re: Dynamic Global Objects no longer supported?

Jump to solution

Never mind! Smiley Happy
I found the answer in the Know Limitations for R80.20

R80.20 CloudGuard Controller Known Limitations 

01970321 CloudGuard Objects (Data Center Servers and Data Center Objects) are not supported in Global Domain.
0 Kudos