Create a Post
Showing results for 
Search instead for 
Did you mean: 

Cheat sheet for "dynamic" type objects references

I made presentation during CPX back in 2022 about the topic of objects that can keep rulebase up to date without actually installing policy (=helping automation and zero trust journey). There has been quite a few improvements since and I keep getting questions so I decided to make a reference point for myself here instead of trying to locate info every time I get asked 

Name Documentation Requirements Data formats Brief summary
Custom Intelligence Feeds (IoC) sk132193 R80.30 + AB/AV blade CSV or STIX XML To be efficient, HTTPS inspection will be required
It can only block and cannot be used as an object in rules
CLI only (so each GW must be updated separately) before R81
Supports many data types: IP, URL, domain, Hashes etc.
Generic Datacenter object sk167210 R81 + FW blade JSON IP as source data only (no domains nor URLs)
Can be used in regular rules (drop and accept)
External Network feed Security Management R81.20 Administration Guide R81.20 + FW blade Text or JSON Technically the same principle as Updatable Objects
IP and domains can be used as source data
Can be used in regular rules
Wildcards in domain names can be tricky, read manuals and test
Domain Objects (aka FQDN objects) sk120633 - main article
sk161612 - DNS passive learning
sk161632 - domains tool
R80.10 + FW blade CP Object Domain names only (not URLs)
Can be used in regular rules
Wildcards (non-FQDN mode) can be tricky, read manuals and test
Nothing to maintain externally
Dynamic Objects skI1915 R54 + FW blade via CLI only IP as source data only (no domains nor URLs)
Can be used in regular rules (drop and accept)
CLI updates only (so each GW must be updated separately)
Must be scripted, won't update by itself
Updatable Objects sk131852  R80.20 + FW blade NA Pre-defined by Check Point, cannot be modified
Can be used in regular rules to accept and drop
IoT Protect Quantum IoT Protect Administration Guide 

R81.20 + IOT blade

R81.10 is in EA


Pre-defined by Check Point, cannot be modified
Requires integration with CP Infinity cloud

License is required! All-in-one does not work

Identity Roles Identity Awareness Administration Guide  R77 NA External sources that will map users to IPs dynamically
Whole separate subject, but not to be forgotten
Data Center Query Data Center Query Objects  R81.10 Tags obtained from DC Query Object based on attributes across multiple data centers
9 Replies

Thanks for this great overview! 👍
Could you please make the SKs clickable (add a link to them)?
From my point of view these objects are dynamic as well:

  • Application Control objects and categories
  • Custom application regex's
  • IPS protections / Inspection settings
  • Security zone objects

good point! I'll need to collect info before I do 🙂

0 Kudos

Nice one, @Kaspars_Zibarts 

Fixed the table width, also I second the request to add links 🙂 


fixed! had very little time this morning, sorry 🙂


Very nice, thanks for sharing! 👍

0 Kudos

Thanks for the great info!

0 Kudos

Very nice table!

I am missing data center object and data center QUERY objects:

Would be great to add it 😉

Thank you


This is precisely what I was looking for. I think this table should be published as SK. Great job!

What about IP Block / URL block feature? As per sk103154 it is "R80.30 / R80.40 without Anti-Virus or Anti-Bot, no longer the best practice" but perhaps still worth mentioning.

P.S. Here is fresh recorded session on the same subject - Tips and Tricks for Dynamic, Updatable, and API-Generated Objects


Great to hear that I just didn't waste my time for myself 🙂 will have to sit and update it!

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events