Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
Kaspars_Zibarts
Employee Employee
Employee

Cheat sheet for "dynamic" type objects references

I made presentation during CPX back in 2022 about the topic of objects that can keep rulebase up to date without actually installing policy (=helping automation and zero trust journey). There has been quite a few improvements since and I keep getting questions so I decided to make a reference point for myself here instead of trying to locate info every time I get asked 

Name Documentation Requirements Data formats Brief summary
Custom Intelligence Feeds (IoC) sk132193 R80.30 + AB/AV blade CSV or STIX XML To be efficient, HTTPS inspection will be required
It can only block and cannot be used as an object in rules
CLI only (so each GW must be updated separately) before R81
Supports many data types: IP, URL, domain, Hashes etc.
Generic Datacenter object sk167210 R81 + FW blade JSON IP as source data only (no domains nor URLs)
Can be used in regular rules (drop and accept)
External Network feed Security Management R81.20 Administration Guide R81.20 + FW blade Text or JSON Technically the same principle as Updatable Objects
IP and domains can be used as source data
Can be used in regular rules
Wildcards in domain names can be tricky, read manuals and test
Domain Objects (aka FQDN objects) sk120633 - main article
sk161612 - DNS passive learning
sk161632 - domains tool
R80.10 + FW blade CP Object Domain names only (not URLs)
Can be used in regular rules
Wildcards (non-FQDN mode) can be tricky, read manuals and test
Nothing to maintain externally
Dynamic Objects skI1915 R54 + FW blade via CLI only IP as source data only (no domains nor URLs)
Can be used in regular rules (drop and accept)
CLI updates only (so each GW must be updated separately)
Must be scripted, won't update by itself
Updatable Objects sk131852  R80.20 + FW blade NA Pre-defined by Check Point, cannot be modified
Can be used in regular rules to accept and drop
IoT Protect Quantum IoT Protect Administration Guide 

R81.20 + IOT blade

R81.10 is in EA

NA

Pre-defined by Check Point, cannot be modified
Requires integration with CP Infinity cloud

License is required! All-in-one does not work

Identity Roles Identity Awareness Administration Guide  R77 NA External sources that will map users to IPs dynamically
Whole separate subject, but not to be forgotten
Data Center Query Data Center Query Objects  R81.10 Tags obtained from DC Query Object based on attributes across multiple data centers
(2)
Who rated this post