This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
GrassF
Participant
‎2022-11-29 02:17 AM

Allowing Fortigate ISDB on Checkpoint

Hi, we have place a checkpoint Firewall before a Fortigate Firewall. The checkpoint is facing the internet as 1st line Firewall. We need to allow some ISDB (Fortigate Internet Service Database) through the checkpoint. How could this be implemented?

Unfortunately the fortigate services does not give any urls, only IPs

These are example of ISDB we would like to allow.
TrendMicro-Other 1-65535
TrendMicro-Web 80, 443, 8443
Adobe-Adobe.Cloud 1-65535

Thank you,

0 Kudos
2 Replies
Chris_Atkinson
Employee
Employee
‎2022-11-29 02:57 AM

We have something similar that we call Updatable Objects, please refer sk131852.

Depending on the scenario you may optionally use Domain objects to help in case there are gaps.

Where we don't have coverage currently for a specific service you can otherwise request it via your CP account team as an RFE.

 

0 Kudos
GrassF
Participant
‎2022-11-29 03:37 AM
In response to Chris_Atkinson

Thank you, we've tried Updatable Objects but TrendMicro and Adobe are not covered. We though about this option with domain objects but we do not have the urls for it (TrendMicro and Adobe) - the IPs seems not to be bound to the urls of the vendors, for example trendmicro.com or adobe.com - We randomly choose some IPs defined for this on the forgate and the nslookup are giving us different outcomes.

0 Kudos