Hello,
we had several discussions with support partners and checkpoint presales but we did not get a fully satisfied answer to our question or "problems".
Our idea is that we have different firewall rules with "group objects" in source or destination containing "host objects" or "network objects". We are interested in a way to put objects within this group and these objects will be pushed to the gateway (immediately) without Policy Installation or without installing other changes which were made by other administrators on the same policy package (but not the same rule or object groups).
So as far as I understand this feature is already implemented if you for example connect R80.20 MDS with a Cisco ACI APIC and you create a datacenter object. Then this object contains EPGs and these EPGs and there content will be pushed to the gateway within seconds. So if someone is doing changes on the Cisco APIC and puts an object into an EPG than this is synchronized with CheckPoint MDS and the ne content of the EPG will be pushed without Policy Installation and within seconds to the gateway, right?
So what we are looking for is a solution doing that without any third party. We do not want to connect or use ACI APIC or VMware NSX.
In the very best case we wanto:
1.) Create the rule in the firewall policy containing the group objects, publish it and install it (only the very first time)
2.) we want to add new objects to these existing groups and these objects should be pushed to the gateway WITHOUT pushing any other changes made on the policy
3.) Best way would be to add objects to these groups using the R80.20 API.
I would really appreciate any help on this topic. I think it is called "Adaptive Security" - do you have any documentation for htat you can offer me?
Regards
Alexander Wilke