This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Shurik
Participant
‎2020-12-02 12:32 PM

Outbound wildcard objects

Hello guys,

I'm looking to allow access to office 365 URLs, but having problem to allow access to wildcard objects, like *.outlook365.com etc.

I came across this article - https://community.checkpoint.com/t5/Next-Generation-Firewall/White-Paper-Implementing-Non-FQDN-Domai...

Unfortunately it doesn't work for me. I can allow access to specific domain, but now to wildcard objects.

What possibly I'm doing wrong?

Should I have URL filtering or application control in order to be able to allow wildcard access?

 

Our current version is R80.10

 

Thanks!

0 Kudos
3 Replies
Wolfgang
Mentor
Mentor
‎2020-12-02 12:43 PM

Best solution would be an update to a newer version and using updatables object.

Microsoft Office 365 objects as Network Objects in R80.20 and above 

Wolfgang

Shurik
Participant
‎2020-12-02 01:34 PM
In response to Wolfgang

Thanks! That's a cool option 🙂

Any known performance issues with updatable objects?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-02 12:45 PM

Non-FQDN domain objects don’t work in practice because reverse DNS on the relevant IP addresses rarely works.
We have Updatable Objects in R80.20+ that can be used to allow access to Office 365 without implementing App Control.
You can also do it with App Control but you should really upgrade to R80.30+ for the improved SNI support in HTTPS traffic (will improve App Control/URLF detection overall as well).
Also, R80.10 is nearing its End of Support date, so you have plenty of reasons to upgrade.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫