This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chandhrasekar_S
Collaborator
‎2017-11-13 09:27 AM

Azure fabric IP's as application/category

Team,

We have IaaS configured in Azure public cloud. We need to bypass https inspection for Windows servers reaching Azure fabric. I am wondering how can I create that rule.

Thanks,

Chandru

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2017-11-13 03:33 PM

Moving this to General Product Topics since this not specific to vSEC.

Even if we had an Application Control category, you can't use Application Categories in the HTTPS Inspection rulebase.

For your specific use case, is it to reach ANYTHING in the Azure fabric or specific applications?

If just specific applications, then you can just put the specific IPs in as destinations in your HTTPS Inspection rulebase.

If you're talking about anything in Azure in general, we don't have a ready-made solution today.

That said there is functionality under development to support automatically updating dynamic objects for the purposes of using them in things like the HTTPS Inspection policy.

Right now this functionality is focused on Office 365, though I suppose it could be extended to Azure easily enough.

It's available as an Early Availability fix on top of R80.10.

If you're interested, I recommend reaching out to your local Check Point SE.

0 Kudos
Chandhrasekar_S
Collaborator
‎2017-11-14 07:46 AM
In response to PhoneBoy

Thanks Dameon. My use case is to reach all of 'Azure' fabric not just specific applications

I will check with my SE to see if the office 365 object can be extended to whole of Azure as well.

0 Kudos
PhoneBoy
Admin
Admin
‎2017-11-14 09:21 AM
In response to Chandhrasekar_S

I checked with R&D, having the Azure IPs available as a dynamic object is part of the plans.

However, the current EA does not include it. 

0 Kudos
Chandhrasekar_S
Collaborator
‎2017-11-14 09:50 AM
In response to PhoneBoy

Thanks for the update Dameon

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events