Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kunal_Parikh
Explorer

Dynamic Objects (URL)

What is best approach to allow connection to Microsoft Azure/AWS, when destination URL are hosted in cloud and does not have fixed IP. If I don't want traffic to go via proxy, does checkpoint support destination URL's ? I have read about dynamic objects and have also read it causes high CPU but not sure if it is best practice.

5 Replies
PhoneBoy
Admin
Admin

You've got a couple of options:

  1. Create a custom application with the desired URLs (this will require HTTPS Inspection if the URLs are HTTPS)
  2. Use Domain Objects with FQDN in R80.10 (which will do forward DNS lookups on the names)--works for non http/https as well.
  3. Use Dynamic Objects (impacts SecureXL templates in R77.30 and earlier) and use a script to update based on DNS, such as: chkp / dynobj — Bitbucket (also works for things not http/https as well)
Chamila_Garusi2
Explorer

Hi,

Is this statement still valid now in R77.30 code.

to use Custom Application in AC/URLF policy.

Thanks,

Chamila

0 Kudos
PhoneBoy
Admin
Admin

This is relevant for R77.30, yes.
Carsten_R
Contributor

I was exited to see, that there is a script available which translates FQDNs to IP addresses and pushes Dynamic Objects to gateways.

However, the mentioned script seems to be not maintained anymore. It raises a lot of errors with Python 3.

 

Ok, this thread is now 4 years old, but I'd like to say here, that the "Generic Data Center feature" in R81 (sk167210) sounds also interesting. The only challenge for me is the process to script the FQDN translated results into this JSON format...

0 Kudos
Gaurav_Pandya
Advisor

Hi Kunal,

If you are using R80.10 then you can refer below Doc.

https://community.checkpoint.com/docs/DOC-2339-dynamic-objects-in-r8010

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events