This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Maarten_Sjouw
Champion
Champion
‎2017-10-18 03:49 AM

Dynamic Global Objects no longer supported?

Jump to solution

Gents, We are setting up a R80.10 MDS, in R77.30 we are using dynamic global objects to be able to use an per domain editable group, in the global rules.

While you create an dynamic object with a name ending in _global in the global object list, in the domain you create a group with the exact same name and in there you ie put all GW objects for that domain. This way you create management and other rule in the Global rulebase that you do not need to repeat over the amount of domains you have, 150+ in our case.

When I try to use this in R80.10 it complains the object already exists....

Last time I asked I was told this would return in R80.10, but that was a while back, is it indeed still not there or is it just changed?

Regards, Maarten
1 Solution

Accepted Solutions
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2017-10-18 06:07 AM

Jump to solution

Hi,

Dynamic Global Objects are supported with R80.10. User experienced is changed.

Instead of solely relying on the _global suffix, there is a new network object of type "Dynamic Global Network Object".

R7x:

1. Login to Global Domain

2. Create a dynamic object with name that ends with _global, save.

3. Login to the Domain

4. Create a network object with the same name, save.

5. Assign (or re-assign) global policy.

R80.10 and above:

1. Login to Global Domain

2. Create a Dynamic Global Network Object. Name must end with _global, and if not, you will not be able to OK the dialog (or complete the API call). Publish.

3. Login to the Domain

4. Create a network object with the same name. Publish.

5. Assign (or re-assign) global policy.

During upgrade, your Dynamic Objects with the _global suffix which existed in the Global Domain will be converted automatically.

View solution in original post

0 Kudos
5 Replies
Tomer_Sole
Employee Alumnus
Employee Alumnus
‎2017-10-18 06:07 AM

Jump to solution

Hi,

Dynamic Global Objects are supported with R80.10. User experienced is changed.

Instead of solely relying on the _global suffix, there is a new network object of type "Dynamic Global Network Object".

R7x:

1. Login to Global Domain

2. Create a dynamic object with name that ends with _global, save.

3. Login to the Domain

4. Create a network object with the same name, save.

5. Assign (or re-assign) global policy.

R80.10 and above:

1. Login to Global Domain

2. Create a Dynamic Global Network Object. Name must end with _global, and if not, you will not be able to OK the dialog (or complete the API call). Publish.

3. Login to the Domain

4. Create a network object with the same name. Publish.

5. Assign (or re-assign) global policy.

During upgrade, your Dynamic Objects with the _global suffix which existed in the Global Domain will be converted automatically.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2017-10-18 08:03 AM
In response to Tomer_Sole

Jump to solution

Thanks Tomer, that did the trick.

Regards, Maarten
0 Kudos
Christian_Peter
Employee Alumnus
Employee Alumnus
‎2018-11-20 02:39 AM
In response to Tomer_Sole

Jump to solution

Great reply!

Do you by any chance know if objects used for communicating with public and private clouds, can be defined as Global objects?
I can create a Datacenter Server object and connect to e.g. Azure, but can I define such an object as a Global object and use this within all domains? 

0 Kudos
Christian_Peter
Employee Alumnus
Employee Alumnus
‎2018-11-20 03:48 AM
In response to Christian_Peter

Jump to solution

Never mind! Smiley Happy
I found the answer in the Know Limitations for R80.20

R80.20 CloudGuard Controller Known Limitations 

01970321 CloudGuard Objects (Data Center Servers and Data Center Objects) are not supported in Global Domain.
0 Kudos
mikesleath
Participant
‎2020-11-11 05:38 AM
In response to Tomer_Sole

Jump to solution

Hi,

Do you have an example of the API call to create these object types - we make heavy use of them and the ability to create via the API is a requirement. Previously they were created using dbedit.

Thanks.

0 Kudos