Re: customer want to make object included expire t...

DaeGyu_Kyoung · ‎2019-03-04

Hi checkpoint engineer everyone.

Customer wants to make a node object or network object. And they wants an object include expire time. This is point, In here, I do Not tell time object on applying a rule. Just an object is expired on someday. On detail, an what makes object windows should has time configuration part.
Just on my thought, I can not make like that. Customer said me, "If an objects can not set up expire configuration, Please give me a comment or document from checkpoint".
Best way, please leave comment this comment of CHECKMATE.

Maarten_Sjouw · ‎2019-03-04

The reasons why an object with an expiration is a bad idea:

when you use it as the only object in the destination on a rule, after it expires, you have access to any
when you use it as the only object in the source on a rule, after it expires, any has access to your destination

These are just the first 2 I could think of, but I'm sure many others apply.

Regards, Maarten

PhoneBoy · ‎2019-03-06

As Maarten said, this isn't functionality we have.

It's also a bad idea for the reasons Maarten mentions.

Can you explain the use case for this?

DaeGyu_Kyoung · ‎2019-03-11

Customer makes objects about once a month. The objects maybe be related with C&C server information or origin server of malignant code and so on... So they wants to make and delete objects once a month.
If there is expire feature of objects, they are easy about handling tasks. because they do not think about delete objects.

PhoneBoy · ‎2019-03-11

For representing C&C, you might want to use the Custom Intelligence Feeds instead.

What is "Custom Intelligence Feeds" feature?

Or use fw samp rules (on the CLI) using an expiry time.

See: How to configure Rate Limiting rules for DoS Mitigation

customer want to make object included expire time.