Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Geomix7
Collaborator
Jump to solution

Updatable Objects R80.20

Hello Guys ,

We are going to use Updatable Objects for Office 365. Some questions that arises and  i would like to hear some suggestions from people that tested it.

  • Those services is a combination of IP addresses & domains .How an IP address (mechanism) is checked to verify if match for a domain which is included in Office 365?
  • How this Mechanism works?
  • Where to position this  rule in rule base and why?
  • Any performance impact?
  • Known issues ?
  • Any impact in DNS server?

 

Thanks in advanced!

0 Kudos
2 Solutions

Accepted Solutions
_Val_
Admin
Admin

Hi @Geomix7 , I tend to agree with @G_W_Albrecht that most of your questions are actually answered in the quoted solutions. Nevertheless, let me answer to those questions directly:

Q: Those services is a combination of IP addresses & domains .How an IP address (mechanism) is checked to verify if match for a domain which is included in Office 365? How this Mechanism works?

A: List of IPs and domains is pulled from the source. Domain objects are also resolved into IP addresses. 

Q: Where to position this  rule in rule base and why?

A: Updatable objects can be used in the rulebase at will. As they are SXL-friendly, position does not matter.

Q: Any performance impact?

A: Practically no impact.

Q: Known issues ?

A: Specifically for O365, sometimes resolution of MS wild card objects can be incomplete, for certain sub-domains. These occurrences are very rare, but if you experience one, feel free to address it with a support ticket.

Q: Any impact in DNS server?

A: Some unfrequent periodical DNS requests are being sent by FW, but the amount of those is not high at all, and will not affect DNS servers much.

 

I hope this helps. 

View solution in original post

Fadi_Moussa
Employee
Employee

Hi Frank-Yao1

 

This is a known issue that was solved in newer releases, and we are currently working on porting the fix To JHF of other versions. 

 

Meanwhile please use the following Workaround on your management server:

cloudguard stop
cloudguard start

 

can you please verify if this solves your issue? 

 

Thanks

Fadi 

View solution in original post

0 Kudos
7 Replies
G_W_Albrecht
Legend Legend
Legend
0 Kudos
Geomix7
Collaborator

Hello Albrecht , 

I already read those SKs and still my questions not answered.

 

Thanks

0 Kudos
_Val_
Admin
Admin

Hi @Geomix7 , I tend to agree with @G_W_Albrecht that most of your questions are actually answered in the quoted solutions. Nevertheless, let me answer to those questions directly:

Q: Those services is a combination of IP addresses & domains .How an IP address (mechanism) is checked to verify if match for a domain which is included in Office 365? How this Mechanism works?

A: List of IPs and domains is pulled from the source. Domain objects are also resolved into IP addresses. 

Q: Where to position this  rule in rule base and why?

A: Updatable objects can be used in the rulebase at will. As they are SXL-friendly, position does not matter.

Q: Any performance impact?

A: Practically no impact.

Q: Known issues ?

A: Specifically for O365, sometimes resolution of MS wild card objects can be incomplete, for certain sub-domains. These occurrences are very rare, but if you experience one, feel free to address it with a support ticket.

Q: Any impact in DNS server?

A: Some unfrequent periodical DNS requests are being sent by FW, but the amount of those is not high at all, and will not affect DNS servers much.

 

I hope this helps. 

Cyber_Serge
Collaborator

Anyone experience issue with updatable objects? I notice in the management dashboard under Validation tab it's showing several objects "is no longer supported". I've seen Microsoft Dynamic CRM Service, Amazon Web Services, Webex Services....even location object United States and Canada.

Is it trying to tell us to upgrade from R80.20 to R80.40?

 

0 Kudos
Fadi_Moussa
Employee
Employee

Hi Frank-Yao1

 

This is a known issue that was solved in newer releases, and we are currently working on porting the fix To JHF of other versions. 

 

Meanwhile please use the following Workaround on your management server:

cloudguard stop
cloudguard start

 

can you please verify if this solves your issue? 

 

Thanks

Fadi 

0 Kudos
sajin
Contributor

Hi,

In the Updatable Object rule for O365 we are receiving logs accepted to Yahoo domain and crosschecked those IP. Those IP are mapped to Yahoo domain.

But the ports are SMTP, TCP 587, IMAP, POP3. 

I had attached the screenshot of the logs. Please verify.

 

Regards,

sajin

0 Kudos
Micky_Michaeli
Employee
Employee

Hi,

Updatable Objects can be used in Source and Destination columns only, so it matched only according to IPs (and domains which resolved to IPs).

Updatable Objects are not including ports information.

As part of Office365 Services we have an object called "Office365 Third Party Domains" which includes domains as Yahoo which are derived from MS feed.

Customers would like to avoid getting matches on  3rd party domains, should use the child object called “O365 worldwide services” and not the parent object.

 

Thanks,

Micky

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events