This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vincent_Bacher
MVP Silver
MVP Silver
‎2025-11-11 06:19 AM

Streamlining Local to Global Object Transition in Multi Domain Management

Hello CheckMates Community,

I am reaching out to seek advice and share a challenge we are facing with our Check Point Multi Domain Management setup. We have a large number of CMAs, and over time, due to various administrators working independently, we have accumulated a significant number of local objects. Many of these local objects, such as a network like 10.10.10.0/24, exist across multiple CMAs, sometimes with different names, instead of using the global objects. This redundancy likely contributes to unnecessary database inflation.

We are looking for a way to streamline this by replacing local objects with their corresponding global objects wherever possible. Initially, we aim to identify and replace all local objects that have existing global counterparts. As a next step, it would be beneficial to analyze objects that exist across multiple CMAs but do not yet have a global equivalent, and potentially create global objects for these, replacing the local ones.

Has anyone in the community tackled this task before? Additionally, has anyone developed or used API-based solutions to automate this process? Any insights, experiences, or recommendations would be greatly appreciated.

If this hasn't been done before, I will consider planning to start exploring solutions using artificial intelligence and see how far I can get with it and how successful it might be. 🙂

Thank you in advance for your help!

Best regards,
Vince

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
2 Replies
Henrik_Noerr1
Advisor
‎2025-11-11 07:41 AM

We went the opposite way - scraping off all global assignments from local domains.

I have only seen pain when global objects are used in local policies. If you are able to enforce that global objects are only used in the global policy - fine... If not it will cause pain when having to migrate a domain or generally upgrading. Global policies come with the added pain of remembering to update the IPS policy when upgrading, or it will fail.

/Henrik

0 Kudos
Vincent_Bacher
MVP Silver
MVP Silver
‎2025-11-11 08:10 AM
In response to Henrik_Noerr1

Interesting. We did not face any issues like that when upgrading. Last week our management was upgraded to R82 and no issues as well.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events