Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Norbert_Bohusch
Advisor

Updateable objects for Check Point Cloud Services

During two PoCs/implementations in the last month, I implemented Harmony Endpoint with cloud-based management for a customer.

Both times the customer didn't want to allow full access to the internet for his clients (or at least the servers using EPS), so we followed sk116590

In my opinion the infrastructure is there, so please publish the domains from this SK also as an updatable object.

 

There might be other use cases for URLs a gateway or other Check Point services may need, so a general approach would be nice, for sure.

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Believe this is in the works and should be available in the near future.

PhoneBoy
Admin
Admin

As of today, this is now available.
Thanks to @Micky_Michaeli and team!
It's not showing in Demo Mode, but it does show on my regular management server:

Screen Shot 2021-05-27 at 10.50.16 PM.png

The list of domains covered by this object is here: https://secureupdates.checkpoint.com/cp_services/V1_0_0/gw/cp_services_uo 

Norbert_Bohusch
Advisor

Perfect! Thanks 😀

The description could be a bit clearer though.

E.g. for which cloud services the domains of Check Point are included: 

- Updates for gateways with NGTX is included? I assume yes

- Updates/Mgmt for Harmony Endpoint is included? I assume yes

- Harmony Connect gateways are not included, as they are with FQDN <company-id>.cgcvpn.checkpoint.cloud

- what else am I missing?

 

0 Kudos
David_Charnon
Collaborator

This is great, I remember asking for this two years ago at CPX. However, it would be great if the Check Point Services object were broken down into sub-services, e.g. services/domains needed for endpoints, licensing, IPS updates, etc. We don't need or want to give every device running Check Point software access to every Check Point domain.

 

Dave

0 Kudos