Updatable Objects in R80.20 and higher
Solution

An updatable object is a network object that represents an external service, such as Office 365, AWS, GEO locations and more. External service providers publish lists of IP addresses, domains, or both, to allow access to their services. These lists are dynamically updated. Updatable objects derive their contents from these provider-published lists, which Check Point uploads to the Check Point cloud. The updatable objects are updated automatically on the Security Gateway each time the provider changes a list. There is no need to install policy for the updates to take effect. You can use an updatable object in the Access Control policy as a source or a destination.
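Because the object's contents change without a policy install, the effective scope of any rule that uses it changes as well. The following added sketch (not Check Point's code and not part of the original article) diffs two constructed snapshots laid out like the AWS `ip-ranges.json` feed listed on this page, to show what such an audit looks like; the sample prefixes and function names are assumptions.

```python
import ipaddress
import json

# Constructed snapshots in the layout of AWS's ip-ranges.json (documentation prefixes only).
OLD = json.loads("""{"syncToken": "1", "prefixes": [
  {"ip_prefix": "192.0.2.0/25", "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"}],
  "ipv6_prefixes": []}""")
NEW = json.loads("""{"syncToken": "2", "prefixes": [
  {"ip_prefix": "192.0.2.0/25", "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "S3"}],
  "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:1::/48", "region": "eu-west-1", "service": "S3"}]}""")


def networks(snapshot, service=None):
    """Return the set of IPv4/IPv6 networks in a snapshot, optionally for one service."""
    nets = set()
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in snapshot.get(key, []):
            if service is None or entry["service"] == service:
                nets.add(ipaddress.ip_network(entry[field]))
    return nets


def diff(old, new, service=None):
    """Return (added, removed) networks between two snapshots of the published list."""
    before, after = networks(old, service), networks(new, service)
    # Sort by string form: IPv4 and IPv6 networks cannot be ordered against each other.
    return sorted(after - before, key=str), sorted(before - after, key=str)


def covered(snapshot, address, service=None):
    """True if the address falls inside any network of the snapshot."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == n.version and ip in n for n in networks(snapshot, service))


if __name__ == "__main__":
    added, removed = diff(OLD, NEW, service="S3")
    print("added:", [str(n) for n in added])
    print("removed:", [str(n) for n in removed])
    print("203.0.113.7 covered before/after:",
          covered(OLD, "203.0.113.7", "S3"), covered(NEW, "203.0.113.7", "S3"))
```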

These are the currently supported external services for updatable objects:

  • Amazon Web Services (AWS): Amazon Web Services (abbreviated AWS) is a collection of remote computing services (also called web services) that together make up a cloud computing platform, offered over the Internet by Amazon.
    https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html

  • Azure: Microsoft Azure is a collection of cloud computing services created by Microsoft, including services such as Azure SQL, Storage, Traffic Manager, Cloud, Cosmos DB, Event Hub, Key Vault and Service Bus.
    https://www.microsoft.com/en-us/download/details.aspx?id=56519
    https://www.microsoft.com/en-us/download/details.aspx?id=57062
    https://www.microsoft.com/en-us/download/details.aspx?id=57063

  • Box: Box focuses on cloud content management and file sharing services for businesses. Official clients and apps are available for Windows, macOS, and several mobile platforms.
    https://support.box.com/hc/en-us/articles/360043696434-Configuring-A-Firewall-For-Box-Applications

  • Check Point: Provides a list of the domains of Check Point's online security services.
    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk83520

  • Dropbox: Dropbox is a file hosting service that offers cloud storage, file synchronization, personal cloud and client software.
    https://help.dropbox.com/accounts-billing/security/official-domains

  • GEO Locations: The Geo database is downloaded from MaxMind, a leading provider of IP Intelligence and online fraud prevention tools. MaxMind provides mapping of location data for IP addresses. The server downloads the updated database from MaxMind on a weekly basis.
    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk126172

  • GitHub: GitHub is a provider of Internet hosting for software development and version control using Git.
    https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/about-githubs-ip-addresses

  • Google: Google Cloud Platform and Google G-Suite services publish their IP addresses on Google's SPF records, which can be dynamically updated.
    https://support.google.com/a/answer/10026322
    https://cloud.google.com/compute/docs/faq#networking

  • HTTPS: In some well-known HTTPS services, HTTPS Inspection is unable to establish the trust between the client and the Security Gateway and is therefore unable to inspect the traffic. If you choose to bypass specific HTTPS services to avoid connectivity issues, HTTPS Inspection is not performed on them.
    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk163595

  • Intune: Microsoft Intune is a cloud-based service that focuses on mobile device management and mobile application management.
    https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints

  • McAfee: McAfee is an American global computer security software company.
    https://kc.mcafee.com/corporate/index?page=content&id=KB87232

  • Microsoft Dynamics CRM: The Dynamics Customer Relationship Management (CRM) is a system for managing a company's interactions with current and future customers, using technology to organize, automate, and synchronize sales, marketing, customer service, and technical support.
    https://support.microsoft.com/en-us/topic/microsoft-dynamics-crm-online-ip-address-ranges-0b22a844-e61d-443b-482f-945de79f764d

  • Office365: Microsoft Office 365 cloud services, such as Skype for Business Online, Exchange Online and more, are commonly used by organizations.
    https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-ip-web-service?view=o365-worldwide

  • Okta: Okta is an identity management service that runs in the cloud and connects any person with any application on any device.
    https://help.okta.com/en/prod/Content/Topics/Security/Firewall_Whitelisting.htm

  • Webex: Webex provides on-demand collaboration, online meeting, web conferencing and videoconferencing applications.
    https://help.webex.com/en-us/WBX000028782/Network-Requirements-for-Webex-Services#id_135011

  • Zoom: Zoom provides enterprise video communications, with a cloud platform for video and audio conferencing across mobile devices, desktops, telephones and room systems.
    https://support.zoom.us/hc/en-us/articles/201362683-Network-Firewall-or-Proxy-Server-Settings-for-Zoom

  • Zscaler: Zscaler is a cloud-based information security company which provides secure access to locally hosted and external applications.
    https://config.zscaler.com/zscaler.net/cenr



Notes 

  • This feature is only supported for R80.20 and higher gateways.
  • For updatable objects to work correctly, the DNS servers configured on the gateways must be the same as those used by the endpoints. Otherwise, the IP-domain mapping will not match.
  • If the DNS servers are changed, the WSDNSD process must be restarted in order to use the new DNS servers.
  • In R80.40, updatable objects are also supported in HTTPS and Threat Prevention policies.
  • Updatable Objects can be used in the NAT Rule Base starting with R81 Security Management and Security Gateway (both are required).
  • The Security Gateway and Management must have connectivity to updates.checkpoint.com and dl3.checkpoint.com in order to be able to download the package.
  • Updatable Objects are supported on Gaia Embedded in versions R80.20.15 and higher.
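
The DNS note above, as an added model (not Check Point's implementation and not part of the original article): when the gateway and an endpoint use resolvers that return different addresses for the same feed domain, the endpoint's destination IP is missing from the gateway's IP-domain mapping and the rule does not match. The domains, resolver answers and function names are constructed for illustration.

```python
import ipaddress

# Hypothetical domain feed and constructed resolver answers (documentation addresses).
FEED_DOMAINS = ["files.example.com", "login.example.com"]
GATEWAY_DNS = {
    "files.example.com": ["192.0.2.10", "192.0.2.11"],
    "login.example.com": ["198.51.100.5"],
}
# A different resolver, e.g. one that hands out another CDN edge for the same name.
ENDPOINT_DNS = {
    "files.example.com": ["203.0.113.20", "192.0.2.11"],
    "login.example.com": ["198.51.100.5"],
}


def build_mapping(feed_domains, resolver_answers):
    """Map each feed domain to the address set one resolver returns for it."""
    return {
        d: {ipaddress.ip_address(a) for a in resolver_answers.get(d, [])}
        for d in feed_domains
    }


def object_matches(mapping, dst_ip):
    """IP-based match: True if dst_ip is in any domain's resolved address set."""
    ip = ipaddress.ip_address(dst_ip)
    return any(ip in addrs for addrs in mapping.values())


def unmatched_endpoint_traffic(feed_domains, gateway_dns, endpoint_dns):
    """Return (domain, ip) pairs an endpoint may connect to that the gateway's mapping misses."""
    mapping = build_mapping(feed_domains, gateway_dns)
    misses = []
    for domain in feed_domains:
        for addr in endpoint_dns.get(domain, []):
            if not object_matches(mapping, addr):
                misses.append((domain, addr))
    return misses


if __name__ == "__main__":
    for domain, addr in unmatched_endpoint_traffic(FEED_DOMAINS, GATEWAY_DNS, ENDPOINT_DNS):
        print(f"{domain}: endpoint connects to {addr}, not in the gateway's mapping")
```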

 

Usage

Click the '+' button under the Source/Destination column, choose import 'Updatable Objects', and then choose the relevant Service.

Troubleshooting

  1. Issues with importing Updatable Objects in SmartConsole: refer to sk122636.
  2. Unexpected drops on the Security Gateway while using Updatable Objects: refer to sk121877.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Applies To:
  • Updatable objects are not supported in HTTPS Inspection policy in R80.20.
