This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kunal_Parikh
Explorer
‎2017-11-27 04:18 PM

Dynamic Objects (URL)

What is best approach to allow connection to Microsoft Azure/AWS, when destination URL are hosted in cloud and does not have fixed IP. If I don't want traffic to go via proxy, does checkpoint support destination URL's ? I have read about dynamic objects and have also read it causes high CPU but not sure if it is best practice.

5 Replies
PhoneBoy
Admin
Admin
‎2017-11-27 10:42 PM

You've got a couple of options:

  1. Create a custom application with the desired URLs (this will require HTTPS Inspection if the URLs are HTTPS)
  2. Use Domain Objects with FQDN in R80.10 (which will do forward DNS lookups on the names)--works for non http/https as well.
  3. Use Dynamic Objects (impacts SecureXL templates in R77.30 and earlier) and use a script to update based on DNS, such as: chkp / dynobj — Bitbucket (also works for things not http/https as well)
Chamila_Garusi2
Explorer
‎2019-10-16 08:43 AM
In response to PhoneBoy

Hi,

Is this statement still valid now in R77.30 code.

to use Custom Application in AC/URLF policy.

Thanks,

Chamila

0 Kudos
PhoneBoy
Admin
Admin
‎2019-10-16 11:13 AM
In response to Chamila_Garusi2

This is relevant for R77.30, yes.
Carsten_R
Contributor
‎2021-12-23 06:47 AM
In response to PhoneBoy

I was exited to see, that there is a script available which translates FQDNs to IP addresses and pushes Dynamic Objects to gateways.

However, the mentioned script seems to be not maintained anymore. It raises a lot of errors with Python 3.

 

Ok, this thread is now 4 years old, but I'd like to say here, that the "Generic Data Center feature" in R81 (sk167210) sounds also interesting. The only challenge for me is the process to script the FQDN translated results into this JSON format...

0 Kudos
Gaurav_Pandya
Advisor
‎2017-11-28 06:45 AM

Hi Kunal,

If you are using R80.10 then you can refer below Doc.

https://community.checkpoint.com/docs/DOC-2339-dynamic-objects-in-r8010

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top