- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Updatable Objects - Audit changes and contents
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Updatable Objects - Audit changes and contents
Hi,
I have been looking at rolling out Updatable Objects on our firewall policies, specifically for Zscaler at the moment. Is there a way to:
- Check in SmartConsole Logs when the Objects are changed/updated?
- Interrogate the contents of the Updatable Object on the Gateways themselves?
For context, I have looked at sk131852 (Updatable Objects (checkpoint.com)), sk173416 (How to manage access to external services using Updatable objects - FAQ (checkpoint.com)) and sk161632 (Domains Tool (domains_tool) (checkpoint.com)). The Domains_Tool is useful but only shows that domains are used, not IP addresses.
The admin guides shows the following, but it does not seem to work for me, or I cannot filter enough to see it!:
Thanks
Andy
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use domains_tool to show you what IPs are associated with each domain.
The updatable objects are updated from files downloaded to $CPDIR/database/downloads/ONLINE_SERVICES on the gateways.
The original source material for each of the Updatable Objects should be listed here: https://support.checkpoint.com/results/sk/sk131852
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can use domains_tool to show you what IPs are associated with each domain.
The updatable objects are updated from files downloaded to $CPDIR/database/downloads/ONLINE_SERVICES on the gateways.
The original source material for each of the Updatable Objects should be listed here: https://support.checkpoint.com/results/sk/sk131852
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the response. I can see within the "ONLINE_SERVICES" folders all the services listed:
If you "cat" one these services files you get the complete listing of domains and IPs associated with the services.
That should answer everything my infosec colleagues would required, so thanks for the point in the right direction. I appreciate it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I figured the source files would probably be the most useful 🙂
