This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Geomix7
Collaborator
‎2020-08-20 12:30 AM
Jump to solution

Updatable Objects R80.20

Hello Guys ,

We are going to use Updatable Objects for Office 365. Some questions that arises and  i would like to hear some suggestions from people that tested it.

  • Those services is a combination of IP addresses & domains .How an IP address (mechanism) is checked to verify if match for a domain which is included in Office 365?
  • How this Mechanism works?
  • Where to position this  rule in rule base and why?
  • Any performance impact?
  • Known issues ?
  • Any impact in DNS server?

 

Thanks in advanced!

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin
‎2020-08-20 01:35 AM
In response to Geomix7
Jump to solution

Hi @Geomix7 , I tend to agree with @G_W_Albrecht that most of your questions are actually answered in the quoted solutions. Nevertheless, let me answer to those questions directly:

Q: Those services is a combination of IP addresses & domains .How an IP address (mechanism) is checked to verify if match for a domain which is included in Office 365? How this Mechanism works?

A: List of IPs and domains is pulled from the source. Domain objects are also resolved into IP addresses. 

Q: Where to position this  rule in rule base and why?

A: Updatable objects can be used in the rulebase at will. As they are SXL-friendly, position does not matter.

Q: Any performance impact?

A: Practically no impact.

Q: Known issues ?

A: Specifically for O365, sometimes resolution of MS wild card objects can be incomplete, for certain sub-domains. These occurrences are very rare, but if you experience one, feel free to address it with a support ticket.

Q: Any impact in DNS server?

A: Some unfrequent periodical DNS requests are being sent by FW, but the amount of those is not high at all, and will not affect DNS servers much.

 

I hope this helps. 

View solution in original post

Fadi_Moussa
Employee
Employee
‎2020-08-24 12:45 AM
In response to Cyber_Serge
Jump to solution

Hi Frank-Yao1

 

This is a known issue that was solved in newer releases, and we are currently working on porting the fix To JHF of other versions. 

 

Meanwhile please use the following Workaround on your management server:

cloudguard stop
cloudguard start

 

can you please verify if this solves your issue? 

 

Thanks

Fadi 

View solution in original post

0 Kudos
7 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-08-20 01:07 AM
Jump to solution

Please consult the following:

sk131852: Updatable Objects in R80.20 and above

sk135572: Microsoft Office 365 objects as Network Objects in R80.20 and above

sk122636: How to troubleshoot Updatable Objects in R80.20 and higher

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Geomix7
Collaborator
‎2020-08-20 01:14 AM
In response to G_W_Albrecht
Jump to solution

Hello Albrecht , 

I already read those SKs and still my questions not answered.

 

Thanks

0 Kudos
_Val_
Admin
Admin
‎2020-08-20 01:35 AM
In response to Geomix7
Jump to solution

Hi @Geomix7 , I tend to agree with @G_W_Albrecht that most of your questions are actually answered in the quoted solutions. Nevertheless, let me answer to those questions directly:

Q: Those services is a combination of IP addresses & domains .How an IP address (mechanism) is checked to verify if match for a domain which is included in Office 365? How this Mechanism works?

A: List of IPs and domains is pulled from the source. Domain objects are also resolved into IP addresses. 

Q: Where to position this  rule in rule base and why?

A: Updatable objects can be used in the rulebase at will. As they are SXL-friendly, position does not matter.

Q: Any performance impact?

A: Practically no impact.

Q: Known issues ?

A: Specifically for O365, sometimes resolution of MS wild card objects can be incomplete, for certain sub-domains. These occurrences are very rare, but if you experience one, feel free to address it with a support ticket.

Q: Any impact in DNS server?

A: Some unfrequent periodical DNS requests are being sent by FW, but the amount of those is not high at all, and will not affect DNS servers much.

 

I hope this helps. 

Cyber_Serge
Collaborator
‎2020-08-21 11:29 AM
Jump to solution

Anyone experience issue with updatable objects? I notice in the management dashboard under Validation tab it's showing several objects "is no longer supported". I've seen Microsoft Dynamic CRM Service, Amazon Web Services, Webex Services....even location object United States and Canada.

Is it trying to tell us to upgrade from R80.20 to R80.40?

 

0 Kudos
Fadi_Moussa
Employee
Employee
‎2020-08-24 12:45 AM
In response to Cyber_Serge
Jump to solution

Hi Frank-Yao1

 

This is a known issue that was solved in newer releases, and we are currently working on porting the fix To JHF of other versions. 

 

Meanwhile please use the following Workaround on your management server:

cloudguard stop
cloudguard start

 

can you please verify if this solves your issue? 

 

Thanks

Fadi 

0 Kudos
sajin
Contributor
‎2020-10-09 10:38 AM
In response to Fadi_Moussa
Jump to solution

Hi,

In the Updatable Object rule for O365 we are receiving logs accepted to Yahoo domain and crosschecked those IP. Those IP are mapped to Yahoo domain.

But the ports are SMTP, TCP 587, IMAP, POP3. 

I had attached the screenshot of the logs. Please verify.

 

Regards,

sajin

Preview file
81 KB
0 Kudos
Micky_Michaeli
Employee
Employee
‎2020-10-12 02:14 AM
In response to sajin
Jump to solution

Hi,

Updatable Objects can be used in Source and Destination columns only, so it matched only according to IPs (and domains which resolved to IPs).

Updatable Objects are not including ports information.

As part of Office365 Services we have an object called "Office365 Third Party Domains" which includes domains as Yahoo which are derived from MS feed.

Customers would like to avoid getting matches on  3rd party domains, should use the child object called “O365 worldwide services” and not the parent object.

 

Thanks,

Micky

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events