We have IaaS configured in Azure public cloud. We need to bypass HTTPS inspection for Windows servers reaching Azure fabric. I am wondering how I can create that rule.
Moving this to General Product Topics since this is not specific to vSEC.
Even if we had an Application Control category, you can't use Application Categories in the HTTPS Inspection rulebase.
For your specific use case, is it to reach ANYTHING in the Azure fabric or specific applications?
If just specific applications, then you can just put the specific IPs in as destinations in your HTTPS Inspection rulebase.
If you're talking about anything in Azure in general, we don't have a ready-made solution today.
That said, there is functionality under development to support automatically updating dynamic objects for the purposes of using them in things like the HTTPS Inspection policy.
Right now this functionality is focused on Office 365, though I suppose it could be extended to Azure easily enough.
It's available as an Early Availability fix on top of R80.10.
If you're interested, I recommend reaching out to your local Check Point SE.
Thanks Dameon. My use case is to reach all of 'Azure' fabric, not just specific applications.
I will check with my SE to see if the Office 365 object can be extended to the whole of Azure as well.
I checked with R&D, having the Azure IPs available as a dynamic object is part of the plans.
However, the current EA does not include it.
Thanks for the update, Dameon.