- CheckMates
- :
- Products
- :
- General Topics
- :
- Azure fabric IP's as application/category
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Azure fabric IP's as application/category
Team,
We have IaaS configured in Azure public cloud. We need to bypass https inspection for Windows servers reaching Azure fabric. I am wondering how can I create that rule.
Thanks,
Chandru
- Tags:
- microsoft azure
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Moving this to General Product Topics since this not specific to vSEC.
Even if we had an Application Control category, you can't use Application Categories in the HTTPS Inspection rulebase.
For your specific use case, is it to reach ANYTHING in the Azure fabric or specific applications?
If just specific applications, then you can just put the specific IPs in as destinations in your HTTPS Inspection rulebase.
If you're talking about anything in Azure in general, we don't have a ready-made solution today.
That said there is functionality under development to support automatically updating dynamic objects for the purposes of using them in things like the HTTPS Inspection policy.
Right now this functionality is focused on Office 365, though I suppose it could be extended to Azure easily enough.
It's available as an Early Availability fix on top of R80.10.
If you're interested, I recommend reaching out to your local Check Point SE.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Dameon. My use case is to reach all of 'Azure' fabric not just specific applications
I will check with my SE to see if the office 365 object can be extended to whole of Azure as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I checked with R&D, having the Azure IPs available as a dynamic object is part of the plans.
However, the current EA does not include it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the update Dameon