Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kaspars_Zibarts
Authority
Authority

Updatable Object for Checkpoint services

Here's a million dollar question (or maybe $5) 

what's missing on the list of Updatable Objects below? Where's Checkpoint services? Ones that are listed here sk83520 

Of course you could create FQDN objects manually or a custom application category with URLs included but that maens manual maintenance. Would be so nice to have a pre-built object that's maintained by CP themselves! Have great friday!

image.png

(1)
13 Replies
Wolfgang
Leader
Leader

Yeah @Kaspars_Zibarts  this would be really nice to have.

Same for enhancement of the "HTTPS services - bypass"-object for known problematic sites from Several HTTPS web sites and applications might not work properly when HTTPS Inspection is enabled on...

not only HTTPS Inspection bypass list object for R80.40 and higher 

0 Kudos
genisis__
Advisor

I've banged on about this as well to Checkpoint, its completely stupid of Checkpoint not to include there own services as part of this.

(1)
Nadav_Feigenbla
Employee
Employee

Hello @Kaspars_Zibarts , @genisis__ et all, 
We are targeting to release updatable object for Check Point online services in a matter of several weeks.
I appreciate the product feedback!

@Wolfgang, I am taking internally with team to see which of the domains in SK can be promptly added to "optional bypass" section in object.

Regards, 
Nadav Feigenblat

0 Kudos
genisis__
Advisor

Hi Nadav,

This is really positive!  We all look forward to this.

 

One small think, not sure if your the correct person to highlight this to.  In R81 Jumbo 25 there is an issue where trusted GUI client is no longer authorised.

We have specified a subnet rather hosts as Allowed clients, which is a supported approach.  In this Jumbo a host within this subnet is not authorised to access the SMS; we resolved this by installing JHFA23 instead.

I have raised a TAC case.  TAC have requested I add host addresses.  I don't believe this is the correct approach.  The approach in my option should be:

- Acknowledge the fault

- Create a bug id

- resolve the fault

- Pull JHFA25 (or update it as its ongoing), and release a new Jumbo.

 

0 Kudos
Ofer_Barzvi
Employee
Employee

Hello @genisis__,

There is indeed a bug in JHF 25 when connecting from an IP that not explicitly defined in the Trusted Clients list and next take (planned to be released in few days) will include a fix for this.

sk173026 about the issue was created and will be released ASAP.

 

Regards,

Ofer Barzvi

0 Kudos
genisis__
Advisor

Awesome! Thanks for confirming.

b.t.w I can't find the SK?

 

0 Kudos
genisis__
Advisor

In this new update, are there plans to increase the number of updatable objects?  Example I think would be useful to have the following:

Zoom

WebEx

Cisco Meraki Cloud

Fortigate Cloud

PaloAlto Cloud

 

 

0 Kudos
Nadav_Feigenbla
Employee
Employee

The new update is targeted to release 3 common requests we get - 
1. Check Point online services 
2. Github services 
3. Zscaler services 

Regarding Zoom & Webex - both are already available as updatable objects.

Regarding Cisco/Fortinet/Palo Alto cloud - we didn't get this request till now and we can surely evaluate it for next rounds.

Nadav

genisis__
Advisor

Great! I think the other clouds would be good to encompass as these are common, equally I would hope that the Checkpoint Cloud would be integrated into the other vendor security solutions as well.

0 Kudos
Abd_S81
Participant

Perhaps also good to add status of connectivity or a version number of some sort in the Updateable Object window or last connected date/time . Actually similar to a data center object which has "test connectivity". This way it is confirmed status is green or red of the Updateable objects itself incase there is a loss of network connectivity or updateable objects are not getting updated for some reason. 

genisis__
Advisor

I like it!

0 Kudos
the_rock
Advisor

Good point there : ). I will check for my own reference if this looks any different in my R81.10 lab.

0 Kudos
the_rock
Advisor

Looks exactly the same on R81.10...no change. 

0 Kudos