This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NilsKS
Participant
‎2022-01-29 10:22 AM

Limit outbound HTTPS on servers using ADSync / Azure ARC / Akamai

Jump to solution

Hi,

Check Point FW-1 R81.10.

I am in the process of implementing application rules to control/limit outbound http/https. Have this up and running for most Windows servers, but I am struggling with servers monitored by Azure ARC and servers running ADsync.

I have allowed the following services / application in the application rulebase:

cp.PNG

I still see lots of HTTP/HTTPS traffic to Microsoft Azure IP-addresses, but I am not able to find any (dymnamic) objects that includes Azure services /Azure ARC, ADsync).

Are there any Check Point objects that includes the Microsoft Azure IP addresses used for these services?? 

The same goes for Akamai HTTPS services. How to whitelist those??

 

Nils

 

 

Labels
0 Kudos
1 Solution

Accepted Solutions
Ilya_Yusupov
Employee
Employee
‎2022-01-31 08:21 AM
In response to Ilya_Yusupov

Jump to solution

Hi,

 

Updating the thread, we saw 2 issues:

 

1. There is a known issue of some occasions that the package will not get updates and we have a fix that is not yet released in the Jumbo, should be in the future JHF release.

2. UI issue, where we tried to add object via right click add new items, in such flow most of the time the picker of updatable objects will not be opened, a bug that we will take it with RnD to solve.

 

Thank you very much for your feedback and time @NilsKS .

View solution in original post

4 Replies
Ilya_Yusupov
Employee
Employee
‎2022-01-30 05:14 AM

Jump to solution

Hi @NilsKS ,

 

We do have updatable objects that address your requirement, did you tried it?

Please let me know if it's indeed answer your question or you are looking for something else.

 

Thanks,

Ilya 

Preview file
116 KB
0 Kudos
NilsKS
Participant
‎2022-01-30 08:45 AM
In response to Ilya_Yusupov

Jump to solution

Hi Ilya,

This is the complete list of updatable objects on my firewall:

 

cp.PNG

I was looking for an application / service to allow these services with source:Internet, but I guess the correct thing to do is to use the above Windows / Microsoft updatable objects as source?

Thanks!

Best,

Nils

 

0 Kudos
Ilya_Yusupov
Employee
Employee
‎2022-01-30 08:56 AM
In response to NilsKS

Jump to solution

Hi @NilsKS,

 

i will take it with you offline as the list is not completed so i'm trying to understand what's went wrong there.

 

Thanks,

Ilya 

0 Kudos
Ilya_Yusupov
Employee
Employee
‎2022-01-31 08:21 AM
In response to Ilya_Yusupov

Jump to solution

Hi,

 

Updating the thread, we saw 2 issues:

 

1. There is a known issue of some occasions that the package will not get updates and we have a fix that is not yet released in the Jumbo, should be in the future JHF release.

2. UI issue, where we tried to add object via right click add new items, in such flow most of the time the picker of updatable objects will not be opened, a bug that we will take it with RnD to solve.

 

Thank you very much for your feedback and time @NilsKS .