This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Gold
MVP Gold
‎2025-08-21 07:51 AM

Tip for case where adding so many wildcards/fqdns does not work in the policy

Hey guys,

Just wanted to share something I discovered when troubleshooting an issue with a customer. I know this is very unconventional way to fix such a problem, but it foes work. So, they were trying to access sql server on port 1433, but considering an IP would randomly change, we tried using wildcard for microsoft, azure and akamaitechnologies based on the logs we found, but nothing worked.

TAC also kept suggesting we add more fqdns, but considering nothing worked, I was thinking about it and thought, well, if below site gives proper IP range, why not just add an IP range in the destination and we also added one for USA as well, and that worked fine. Logs, in this case, sadly never give fqdn, always just an IP and YES, the resolve option is checked.

Example of one range:

https://whois.domaintools.com/52.228.81.188

Anyway, thought would share that in case someone else encounters the same issue. I wish we could make it work using url custom objects, but it sure beats spending hours on end troubleshooting this, when we dont even know the proper list : - )

Best,

Andy

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2025-08-21 12:54 PM

Yeah, this is a tough issue to solve for those environments with a strict outbound Internet policy.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-08-21 12:59 PM
In response to PhoneBoy

Agree 100%. But, you know whats one thing that surprised me...not sure if this is normal/expected, but considering that all IPs client showed me are related to Microsoft, its odd that even after we added *microsoft* in the policy, that did not work, not sure why.

Yes, while they dont use https inspection, I dont believe that is even needed for something like this.

Anyway, we have a somewhat good solution, for now : - )

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2025-08-21 02:39 PM
In response to the_rock

For *microsoft* to work, the sites would have to be serving HTTPS certificates that match.
They may not be in these cases.

(1)
the_rock
MVP Gold
MVP Gold
‎2025-08-21 02:41 PM
In response to PhoneBoy

yeah...good point.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events