Support Center > Search Results > SecureKnowledge Details
Updatable Objects Technical Level

An updatable object is a network object that represents an external service, such as Office 365, AWS, GEO locations and more. External service providers publish lists of IP addresses or domains or both, to allow access to their services. These lists are dynamically updated. Updatable objects derive their contents from these published lists of the providers, which Check Point uploads to the Check Point cloud. The updatable objects are updated automatically on the Security Gateway each time the provider changes a list. There is no need to install policy for the updates to take effect. The updatable object can be used in Access Control policy's source and destination columns and is matched on SYN packet according to IP only (the domains are resolved to IPs).

Starting from R80.20, updateable objects are supported for the Access Rule Base (the main rule base).

Starting from R80.40, updateable objects are supported for the HTTPSi and TP Rule Bases.

Starting from R81, updateable objects are supported for the NAT Rule Base.

The table below shows the currently supported external services for updatable objects. To request an updatable object for an external service that does not appear in the table, submit a Request for Enhancement.

Feed Description
Akamai Origin IP Access Control List (Origin IP ACL) offers some protection for your origin server by restricting traffic to ​Akamai​-controlled IP addresses.
Amazon Web Services (AWS) Amazon Web Services (abbreviated AWS) is a collection of remote computing services (also called web services) that together make up a cloud computing platform, offered over the Internet by Amazon.
Azure Microsoft Azure is a collection of cloud computing services created by Microsoft, services like Azure SQL, Storage, Traffic Manager, Cloud, Cosmos DB, Event Hub, Key Vault and Service Bus.
Azure is divided into three areas:



US Government:
Box Box focuses on cloud content management and file sharing service for businesses. Official clients and apps are available for Windows, macOS, and several mobile platforms.
Broadcom WSS Symantec Web Security Service protects your organization from cyber attacks using an advanced proxy architecture that terminates, inspects, and controls high volumes of web and cloud traffic, even when it's SSL/TLS encrypted.
Check Point Provides list of Check Point's online security services domains. See sk83520.
Citrix Citrix contains allowed FQDNs for cloud connector

System and Connectivity Requirements | Citrix Cloud
Dropbox Dropbox is a file hosting service, offers cloud storage, file synchronization, personal cloud and client software.
GEO Locations The Geo database is downloaded from MaxMind, a leading provider of IP Intelligence and online fraud prevention tools.
MaxMind provides mapping of location data for IP addresses. The server downloads the updated database from MaxMind on a weekly basis.
See sk126172.
GitHub GitHub is a provider of Internet hosting for software development and version control using Git.
Google Google Cloud Platform and Google G-Suite services publish their IP addresses on Google's SPF records, which can be dynamically updated.
HTTPS In some well-known HTTPS services, HTTPS Inspection is unable to establish the trust between the client and the Security Gateway and is therefore unable to inspect the traffic. If you choose to bypass specific HTTPS services to avoid connectivity issues, they will not perform HTTPS Inspection. See sk163595.
Intune Microsoft Intune is a cloud-based service that focuses on mobile device management and mobile application management.
McAfee McAfee is an American global computer security software company. See KB87232
Microsoft Defender This is a Microsoft Defender object and all its content is subject to Microsoft Defender IPs and Domains. The Microsoft Defender for Endpoint delivers preventative protection, post-breach detection, automated investigation, and response.
Microsoft Dynamics CRM The Dynamics Customer Relationship Management (CRM) is a system for managing a company's interactions with current and future customers, using technology to organize, automate, and synchronize sales, marketing, customer service, and technical support.
Microsoft Grph Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365, Windows, and Enterprise Mobility + Security.
Office365 Microsoft Office 365 cloud services, such as Skype for Business Online, Exchange Online and more, are commonly used by organizations.
Office365 is divided into three areas:
Third Party Domains, US Government DoD Services, GCC High Services and Worldwide Services.
Okta Okta is an identity management service, runs in the cloud and connects any person with any application on any device.
Quantum Spark Smart Accel Improves connectivity and optimizes the load on the Quantum Spark Security Gateway. Once enabled, traffic enforcement is accelerated for selected services.

Note: Firewall and logging activity is not affected. Smart Accel is currently in EA and is only supported in locally managed Gaia Embedded appliances / Quantum Spark Security Gateways running version R81.10 and higher.
Salesforce This is a Salesforce object and all its content is subject to Salesforce IPs. Salesforce provides customer relationship management service and also provides enterprise applications focused on customer service, marketing automation, analytics, and application development.
SAP This is a SAP object and all its content is subject to SAP. SAP develops enterprise software to manage business operations and customer relations and especially known for its ERP software.
Webex Webex provides on-demand collaboration, online meeting, web conferencing and videoconferencing applications.

Webex object is divided into two objects:
Third Party Services: Conatins third party domains used by Webex
Main Services: contains Cisco-owned domains and IPs used by Webex
Zero Phishing Bypass To skip unnecessary scans on popular sites, we highly recommend to configure the Zero-Phishing blade to bypass specific popular sites.
This object should be configured only in Threat Prevention policy as latest rule.  See sk179726.
Zoom Zoom is an enterprise video communications, provides a cloud platform for video and audio conferencing across mobile devices, desktops, telephones and room systems.
Zscaler Zscaler is a cloud-based information security company which provides secure access to locally hosted and external applications.


  • This feature is only supported for R80.20 and higher gateways.
  • Updatable objects are not supported in HTTPS Inspection policy in R80.20 and R80.30.
    In R80.40, updatable objects are supported in HTTPS Inspection and Threat Prevention policies, as well.
  • Each domain received from a external vendor feed is considered a Domain Object as in sk90401: How do Domain Objects work?.
  • To work well, the DNS set on the gateways must be the same as that used by the endpoints. Otherwise, the IP-domain mapping will not match.
  • In case of a change in DNS servers, the process WSDNSD must be restarted in order to use the new DNS servers.
  • Updateable Objects can be used in the NAT Rule Base starting R81 Security Management and Security Gateway (both are required).
  • The Security Gateway and Management must have connectivity to and in order to be able to download the package. There are different packages for the GW and Management, and they are both downloaded directly from Check Point download center.
  • Updatable objects are supported on VSX, each VS configured with updatable objects must have connectivity to and too.
  • To check connectivity using curl_cli:
    # curl_cli --cacert $CPDIR/conf/ca-bundle.crt
  • Updatable Objects are supported on Gaia Embedded in versions R80.20.15 and higher.
  • Updatable objects are matched according to SYN packet - according to IP only. In case you have a domain resolved to IP that is part of the updatable object, it can be matched on the rule of the updatable object. 
  • It’s recommended to review the IPs/domains inside the updatable objects prior the use as other domains with same IP can be also matched on it.
  • In case there is a need to enforce differently and distinguish between several domains that resolved to same IP, it can be done by using the Service/Application column.

    New updatable objects are added on a monthly basis. Updatable objects creation relies on common requests from customers to allow access to 3rd party services.
    Suggestions for additional Updatable objects can be submitted in the "Give us Feedback" section of the SecureKnowledge article, with the relevant information that will be rendered by R&D (who is responsible for adding new updatable objects). The most common suggestions will get highest priority:
    • Service name.
    • Link to public content (IP addresses / Domains) maintained by the vendor.
    • Is it currently used in my policy?

    Updatable objects are predefined objects maintained by Check Point.


    Click the '+' button under the Source/Destination column, choose import 'Updatable Objects', and then you can choose the relevant Service (as shown below):


    1. Issues with importing Updatable Objects in SmartConsole: refer to sk122636.
    2. In case the package of Updatable Objects is missing on the Security Gateway please make sure Security Gateway have access to the Download Center and follow the steps below:
      1. DNS server(s) must be configured and reachable from the Security Gateway.
      2. If required, Proxy Server should be configured (in SmartConsole) and reachable from the Security Gateway.
      3. Run on your Gateway machine: unified_dl UPDATE ONLINE_SERVICES
      4. Verify that the response is: Request was completed successfully.
      5. Search the last_revision.xml file under $CPDIR/database/downloads/ONLINE_SERVICES/1.0/
      6. If it exists, you now have the Online Services package on your Gateway and can run policy installation.
      7. If the last_revision.xml file is missing, please contact support. We will need to troubleshoot why this file is not downloading properly.
      8. Reboot.

    Scenario - Office365 Updatable object allowing additional domain

    When using "Office365 Services" updatable object in a policy rule, the traffic to other domains, like Facebook, also matches this rule. This happened since Office365 includes "Office365 Third Party Domains" which includes 3rd party domains with Microsoft.
    To review the full list of 3rd party domains, run the following command on the gateway that enforces the services object (Note: This list is dynamic updated by Microsoft):
    # domains_tool -uo "Office365 Third Party Domains"

    Add another rule to block "Office365 Third Party Domains" updatable objects on top of the allow rules:
    1. Check the log to find out which domain is allowed by the "Office365 Services" updatable object.
    2. Find the URL object, or create a domain object for that one.
    3. Use the new object and setup a block rule for it.

    Give us Feedback
    Please rate this document