This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dnitsky
Explorer
‎2023-12-18 04:06 PM
Jump to solution

Anyone have experience with the 'zScaler Services' Updatable Object - R81

We're running R81, and I'm looking to start using the 'Updatable Objects' - particularly the one marked 'Zscaler Services'. 

Looking for the below:

  • I assume these 'updatable objects' perform similarly to what's called 'ISDB Objects' in FortiGates. 
  • Do these perform well on CheckPoints?
  • Does anyone know if this 'Zscaler Services' object includes both ZIA and ZPA? 
    • There are no published lists I can see to confirm this, just a link to the public Service Info page. 
  • How often are these updated by CheckPoint, or do they generally point to a public JSON/XML to update? 

 

Thanks in Advance!

Dan

 

0 Kudos
2 Solutions

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-12-18 06:12 PM
In response to dnitsky
Jump to solution

They are not polled from the management server, they are pulled directly from the gateways once an hour, I believe.
For how Domain Objects work, see: https://support.checkpoint.com/results/sk/sk90401 

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
‎2023-12-19 08:05 AM
In response to Vincent_Bacher
Jump to solution

We list sources for some applications here: https://support.checkpoint.com/results/sk/sk131852 
zScaler is specifically listed, and I assume we are pulling the full JSON file they provide: https://config.zscaler.com/api/zscaler.net/cenr/json 

View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2023-12-18 06:02 PM
Jump to solution

All of our Updatable Objects are updated based on vendor-provided JSON/XML.
You should be able to see what's in them: https://community.checkpoint.com/t5/Security-Gateways/AWS-Updateable-Objects/m-p/99010 
Or with: https://support.checkpoint.com/results/sk/sk161632 

0 Kudos
dnitsky
Explorer
‎2023-12-18 06:08 PM
In response to PhoneBoy
Jump to solution

Thanks @PhoneBoy!

Couple follow up questions:

How often are the Vendor JSONs polled/updated by the management server?

 

Also a quick question while I have you (as I figure it's semi-related):

When using the Domain object (eg. www.checkpoint.com) in a destination, are those resolved IP's cached for some time before being re-polled, or does a resolution happen each time the policy is passed? I'm finding conflicting answers to this. 

Thanks again!

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-12-18 06:12 PM
In response to dnitsky
Jump to solution

They are not polled from the management server, they are pulled directly from the gateways once an hour, I believe.
For how Domain Objects work, see: https://support.checkpoint.com/results/sk/sk90401 

0 Kudos
dnitsky
Explorer
‎2023-12-18 06:14 PM
In response to PhoneBoy
Jump to solution

Interesting - so each gateway which needs to reference a Updatable Object needs to DNS/Internet or Proxy capability?
I'm quite surprised it's not done from the management server. 

Thanks for the SK, will read up on that. 

0 Kudos
Vincent_Bacher
Advisor
Advisor
‎2023-12-18 10:31 PM
In response to PhoneBoy
Jump to solution

Is there a way to see the URL where the vendor provided json is downloaded from? Then the question of thread opener could be answered.

@dnitskyI guess, ZIA and ZPA are both included as ZEN are used for both. I assume that all necessary targets should be achievable when used in a policy.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
PhoneBoy
Admin
Admin
‎2023-12-19 08:05 AM
In response to Vincent_Bacher
Jump to solution

We list sources for some applications here: https://support.checkpoint.com/results/sk/sk131852 
zScaler is specifically listed, and I assume we are pulling the full JSON file they provide: https://config.zscaler.com/api/zscaler.net/cenr/json 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top