This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2019-07-11 06:47 AM
Jump to solution

R80.20 Updatable Domain Objects and CLI Commands

 

An updatable object (new in R80.20 and above) is a network object that represents an external service, such as Office 365, AWS, GEO locations and more. External services providers publish lists of IP addresses, or Domains, or both, to allow access to their services. These lists are dynamically updated. Updatable objects derive their contents from these published lists of the providers, which Check Point uploads to the Check Point cloud. The updatable objects are updated automatically on the Security Gateway each time the provider changes a list. There is no need to install policy for the updates to take effect. You can use an updatable object in the Access Control policy as a source, or a destination.

I didn't find anything on the CLI commands in the documentation. Here my knowledge from the reverse engineering.

In 80.20 and above you can run the tool "domains_tool" to show domain object informations.

# domains_tool -d update.microsoft.com   =>  show which IP is associated to a domain object

# domains_tool -ip 1.2.3.4                              => search and privide a list of domains for IP

For more informations about updatable object see sk131852.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-01-06 10:25 PM
In response to Markus_Kress
Jump to solution

Because there are underlying Dynamic Objects involved, you should be able to see the IPs involved.
See this thread for more details: https://community.checkpoint.com/t5/General-Management-Topics/Updateable-Objects-and-NAT/m-p/71694#M...

View solution in original post

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2019-07-14 08:59 PM
Jump to solution

The domains_tool command is documented in the Internal notes of sk131852.
0 Kudos
Matthias_Haas
Advisor
‎2019-10-24 03:32 AM
In response to PhoneBoy
Jump to solution

see sk161632  for further details.

the flag -uo  allows to check if the <updatable object name> is in the policy and returns a list of the domains it holds

domains_tool -uo "Office365 Services"

Domain tool looking for domains for 'Office365 Services' and its children object s:

Domains name list for 'Exchange Services':

[1] admin.protection.outlook.com
[2] nam01.dataservice.protection.outlook.com
[3] nam01.admin.protection.outlook.com
[4] na01.safelinks.protection.outlook.com

.....

 

domains_tool -d admin.protection.outlook.com

...

Wait for the next chunk...

---------------------------------------------------------------------------------------------------
| Given Domain name: admin.protection.outlook.com FQDN: yes |
---------------------------------------------------------------------------------------------------
| IP address | sub-domain |
---------------------------------------------------------------------------------------------------
| 104.47.29.21 | no |
---------------------------------------------------------------------------------------------------
Total of 1 IP addresses found

0 Kudos
PhoneBoy
Admin
Admin
‎2019-10-24 10:02 AM
In response to Matthias_Haas
Jump to solution

Looks like that SK was recently created, nice to see it 😊
0 Kudos
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2019-10-24 10:04 AM
In response to PhoneBoy
Jump to solution

👍

Now two SK's:

sk131852 -> Updatable Objects in R80.20 and above 
and
sk161632 -> Domains Tool (domains_tool) 

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Markus_Kress
Contributor
‎2020-01-06 02:59 PM
In response to HeikoAnkenbrand
Jump to solution

Is there a possibility/tool to view the current ip addresses held by an updatable object? The domains_tool returns the list of domains held by an updatable object, but no ip addresses. So, how can we sure that a certain ip is included/held by the object.
It would be great to have an option to get the list of ip's held by the object.
0 Kudos
PhoneBoy
Admin
Admin
‎2020-01-06 10:25 PM
In response to Markus_Kress
Jump to solution

Because there are underlying Dynamic Objects involved, you should be able to see the IPs involved.
See this thread for more details: https://community.checkpoint.com/t5/General-Management-Topics/Updateable-Objects-and-NAT/m-p/71694#M...
0 Kudos
Markus_Kress
Contributor
‎2020-01-07 12:13 AM
In response to PhoneBoy
Jump to solution

Many thanks, that is exactly what I was looking for.
0 Kudos
CPArk
Participant
‎2025-02-21 10:19 AM
Jump to solution

We are using updateable objects to allow traffic to certain services that exist outside the US, since we use geo blocking. We also have Cisco Umbrella for DNS security, and the updateable objects seem to be creating a rather large amount of Umbrella DNS queries that are driving up the cost of the Umbrella service. Is there a way to limit this or force them to query a public DNS instead of our Umbrella service?

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-21 02:15 PM
In response to CPArk
Jump to solution

We use whatever DNS server is configured in Gaia OS to query for Updateable Objects.
It is not possible to set a different DNS server just for Updatable Object queries.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events