This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DaeGyu_Kyoung
Participant
‎2019-03-04 07:29 PM

customer want to make object included expire time.

Hi checkpoint engineer everyone.

Customer wants to make a node object or network object. And they wants an object include expire time. This is point, In here, I do Not tell time object on applying a rule. Just an object is expired on someday. On detail, an what makes object windows should has time configuration part.
Just on my thought, I can not make like that. Customer said me, "If an objects can not set up expire configuration, Please give me a comment or document from checkpoint".
Best way, please leave comment this comment of CHECKMATE.

4 Replies
Maarten_Sjouw
Champion
Champion
‎2019-03-04 11:36 PM

The reasons why an object with an expiration is a bad idea:

  1. when you use it as the only object in the destination on a rule, after it expires, you have access to any
  2. when you use it as the only object in the source on a rule, after it expires, any has access to your destination

These are just the first 2 I could think of, but I'm sure many others apply.

Regards, Maarten
PhoneBoy
Admin
Admin
‎2019-03-06 05:54 PM

As Maarten said, this isn't functionality we have.

It's also a bad idea for the reasons Maarten mentions.

Can you explain the use case for this?

DaeGyu_Kyoung
Participant
‎2019-03-11 02:05 AM
In response to PhoneBoy

Customer makes objects about once a month. The objects maybe be related with C&C server information or origin server of malignant code and so on... So they wants to make and delete objects once a month.
If there is expire feature of objects, they are easy about handling tasks. because they do not think about delete objects.

PhoneBoy
Admin
Admin
‎2019-03-11 02:37 AM
In response to DaeGyu_Kyoung

For representing C&C, you might want to use the Custom Intelligence Feeds instead.

What is "Custom Intelligence Feeds" feature? 

Or use fw samp rules (on the CLI) using an expiry time.

See: How to configure Rate Limiting rules for DoS Mitigation 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top