May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security
SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend
Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!
Mastering Compliance
Unveiling the power of Compliance Blade
CPX 2024 Content
is Here!
Harmony SaaS
The most advanced prevention
for SaaS-based threats
CheckMates Go:
CPX 2024 Recap
I made presentation during CPX back in 2022 about the topic of objects that can keep rulebase up to date without actually installing policy (=helping automation and zero trust journey). There has been quite a few improvements since and I keep getting questions so I decided to make a reference point for myself here instead of trying to locate info every time I get asked
| Name | Documentation | Requirements | Data formats | Brief summary |
| Custom Intelligence Feeds (IoC) | sk132193 | R80.30 + AB/AV blade | CSV or STIX XML | To be efficient, HTTPS inspection will be required It can only block and cannot be used as an object in rules CLI only (so each GW must be updated separately) before R81 Supports many data types: IP, URL, domain, Hashes etc. |
| Generic Datacenter object | sk167210 | R81 + FW blade | JSON | IP as source data only (no domains nor URLs) Can be used in regular rules (drop and accept) |
| External Network feed | Security Management R81.20 Administration Guide | R81.20 + FW blade | Text or JSON | Technically the same principle as Updatable Objects IP and domains can be used as source data Can be used in regular rules Wildcards in domain names can be tricky, read manuals and test |
| Domain Objects (aka FQDN objects) | sk120633 - main article sk161612 - DNS passive learning sk161632 - domains tool |
R80.10 + FW blade | CP Object | Domain names only (not URLs) Can be used in regular rules Wildcards (non-FQDN mode) can be tricky, read manuals and test Nothing to maintain externally |
| Dynamic Objects | skI1915 | R54 + FW blade | via CLI only | IP as source data only (no domains nor URLs) Can be used in regular rules (drop and accept) CLI updates only (so each GW must be updated separately) Must be scripted, won't update by itself |
| Updatable Objects | sk131852 | R80.20 + FW blade | NA | Pre-defined by Check Point, cannot be modified Can be used in regular rules to accept and drop |
| IoT Protect | Quantum IoT Protect Administration Guide |
R81.20 + IOT blade R81.10 is in EA |
NA |
Pre-defined by Check Point, cannot be modified License is required! All-in-one does not work |
| Identity Roles | Identity Awareness Administration Guide | R77 | NA | External sources that will map users to IPs dynamically Whole separate subject, but not to be forgotten |
| Data Center Query | Data Center Query Objects | R81.10 | Tags obtained from DC | Query Object based on attributes across multiple data centers |
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
