This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kenneth_Greger1
Participant
‎2022-01-20 02:50 AM

Updatable objects - Zscaler

Hi

We have been using Zscaler for a couple of years, and recently we started to use the Zscaler Updatable Object that CheckPoint is providing.

However, I do see a lot traffic going to Zscaler "systems" worldwide that is not picked up by this rule (Certificate validation servers, PAC servers mainly).

I checked the /opt/CPshrd-R80.40/database/downloads/ONLINE_SERVICES/1.0/200122040225/zscaler.C file, and clearly there are IP ranges that are missing.

Has anybody else come across this?

How do we report back missing IP ranges to CheckPoint?

 

/Kenneth

 

 

0 Kudos
2 Replies
Chris_Atkinson
Employee
Employee
‎2022-01-20 04:48 AM

Typically we monitor a list published by the entity and would update accordingly, is the Zscaler docco in order for the IP ranges in question?

If there is still a gap please report it via TAC.

0 Kudos
Kenneth_Greger1
Participant
‎2022-01-20 05:09 AM
In response to Chris_Atkinson

For example on the Zscaler web page (https://config.zscaler.com/zscloud.net/hubs) it states you need 185.46.212.0/22.

While in the config file (zscaler.C)  you have:

: (
:ip ("185.46.212.0")
:mask (23)
:type (ip_mask)
)

 

 

0 Kudos