Hi

I have some CloudGuard firewalls in Azure on R80.40. I manage them using SmartConsole.

I've created Updateable Objects for some Azure services before having problems with this specific Tag and they all work fine. There are no internet connectivity issues from the Gateways or the SmartConsole.

However, when specifically adding the  "Azure Site Recovery Public Services" tag to a policy, it works for a day or so and then just randomly fails. The specific IPs that match against the policy when I initially create it are: 51.140.212.82 & 51.141.3.203. They eventually stop matching. I know these IPs are in this specific Azure Service Tag because I can see them in the JSON.

I've also noticed some weirdness for this specific UO when using 'domains_tool and 'dynamic_objects -uo_show'. domains_tool gives this output:

# domains_tool -uo "Azure Site Recovery Public Services
Internal error, for more information use DEBUG mode

It works fine for other UOs.

The UO simply doesn't show when using 'dynamic_objects', but my other ones are working because I can see them in the list, e.g:

# dynamic_objects -uo_show

object name : CP_MS_Common
range 0 : 13.107.6.171 13.107.6.171
range 1 : 13.107.18.15 13.107.18.15
range 2 : 13.107.140.6 13.107.140.6

....

Unfortunately, despite paying the licensing fee the entire lifetime of this deployment, nobody thought to enable Application Control so I can't get around this by using wildcard domains.

So, I'm not really sure where to look next?

Thank you.