This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JED
Explorer
Friday

Import Updatable Objects

Hi All,

Following some broad reading of SK documents  we now have some questions relating to the use  of the Updatable Objects.

Currently our gateways are on R81.10 and the SMS is on R81.20.

The questions are as follows:

1. The Use of the updatable object in the rule base : does the Updatable object get its objects from the updates on SMS or the gateway or both?

2. How do you check the  "contents"  of the allowable/ contained addresses in a group in the Updatable Object : e.g. "United Kingdom"  or Google Services ( two  listed)?

3. What is the frequency  of the updates : ( again does this get updated  on gateway or SMS : ( in 1 above) ? How is it checked.  

4. In reference to item 2. and the  "Google Services"  we have found the URL that identifies the "Ip ranges that Google makes available to users on the internet"  :  Would it be this ( or similar) that Checkpoint uses for the updates  in the first instance.

5. Currently we are the stages of infancy  with the  use of these Updatable  Objects, there are some SK's that provide some very good information  but again there is some missing info to describe its baseline  operation.

6. Does the use of these  or the Updates  / frequency/ timeline have any load implications on any CPU on Gateway or SMS?

 

All the best  JED.

 

0 Kudos
4 Replies
AkosBakos
Leader Leader
Leader
Friday

Hi think you saw this sk: https://support.checkpoint.com/results/sk/sk131852

The Time-to-Live (TTL) for FQDN cache is 60 minutes. When using FQDN mode, all Domain Objects are refreshed once per minute. To refresh the Domain Object resolution, the Security Gateway queries all defined DNS servers for both "domain.com" and "www.domain.com" from the Domain Object.

----------------
\m/_(>_<)_\m/
0 Kudos
Gaurav_Pandya
Advisor
Friday

Hi JED,

I can answer few of your questions. 

1. Information will be fetched by firewall

3. It fetches information when it is updated from vendor side.

Updatable object.PNG

You can check sk131852 for more information

PhoneBoy
Admin
Admin
Friday

To answer number 2, see: https://community.checkpoint.com/t5/Security-Gateways/Updatable-Objects-Audit-changes-and-contents/m...

I believe updates are fetched once an hour.
The load on the gateway is minimal, though I believe there is also a limit to the number of Updatable Objects allowed in the policy.

0 Kudos
the_rock
Legend
Legend
Friday

Let me take "crack" at it, though someone will correct me, Im sure 🙂

Andy

 

1. The Use of the updatable object in the rule base : does the Updatable object get its objects from the updates on SMS or the gateway or both? I believe management

2. How do you check the  "contents"  of the allowable/ contained addresses in a group in the Updatable Object : e.g. "United Kingdom"  or Google Services ( two  listed)? Im only aware ofm domains_tool command for this

3. What is the frequency  of the updates : ( again does this get updated  on gateway or SMS : ( in 1 above) ? How is it checked.  every 60 mins

4. In reference to item 2. and the  "Google Services"  we have found the URL that identifies the "Ip ranges that Google makes available to users on the internet"  :  Would it be this ( or similar) that Checkpoint uses for the updates  in the first instance. yes

5. Currently we are the stages of infancy  with the  use of these Updatable  Objects, there are some SK's that provide some very good information  but again there is some missing info to describe its baseline  operation.

https://support.checkpoint.com/results/sk/sk131852

6. Does the use of these  or the Updates  / frequency/ timeline have any load implications on any CPU on Gateway or SMS? I had never seen any impact myself at all

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events