An updatable object is a network object that represents an external service, such as Office 365, AWS, GEO locations and more. External services providers publish lists of IP addresses, or Domains, or both, to allow access to their services. These lists are dynamically updated. Updatable objects derive their contents from these published lists of the providers, which Check Point uploads to the Check Point cloud. The updatable objects are updated automatically on the Security Gateway each time the provider changes a list. There is no need to install policy for the updates to take effect. You can use an updatable object in the Access Control policy as a source, or a destination.
These are the currently supported external services for updatable objects:
• Online services - Office 365, Dynamics CRM, Azure, Google, Okta, Zoom, Intune, Webex, Dropbox and AWS
• GEO locations
- The GEO database provides mapping of location data to IP addresses. For each location, there is a network object you can import to SmartConsole. You can block or allow access to and from specific locations based on their IP addresses.
• HTTPS Inspection bypass list - Provides list of domains to be bypassed on HTTPS Inspection policy.
- This feature is only supported for R80.20 and higher gateways.
- To work well, the DNS set on the gateways must be the same as that used by the endpoints. Otherwise, the IP-domain mapping will not match.
- In case of a change in DNS servers, the process WSDNSD must be restarted in order to use the new DNS servers.
- In R80.40, updatable objects are supported in HTTPS and Threat Prevention policies, as well.
- Updateable Objects can be used in the NAT Rule Base starting R81 Security Management and Security Gateway (both are required).
Click the '+' button under the Source/Destination column, choose import 'Updatable Objects', and then you can choose the relevant Service (as shown below):
- Issues with importing Updatable Objects in SmartConsole: refer to sk122636.
- Unexpected drops on the Security Gateway while using Updatable Objects: refer to sk121877.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
- Updatable objects are not supported in HTTPS Inspection policy in R80.20.