An updatable object is a network object that represents an external service, such as Office 365, AWS, GEO locations and more. External services providers publish lists of IP addresses, or Domains, or both, to allow access to their services. These lists are dynamically updated. Updatable objects derive their contents from these published lists of the providers, which Check Point uploads to the Check Point cloud. The updatable objects are updated automatically on the Security Gateway each time the provider changes a list. There is no need to install policy for the updates to take effect. You can use an updatable object in the Access Control policy as a source, or a destination.
These are the currently supported external services for updatable objects:
• Online services - Office 365, Azure, Google, Okta, Zoom, Intune, Webex, Dropbox and AWS
• GEO locations - The GEO database provides mapping of location data to IP addresses. For each location, there is a network object you can import to SmartConsole. You can block or allow access to and from specific locations based on their IP addresses.
- This feature is only supported for R80.20 and above gateways.
- To work well, the DNS set on the gateways must be the same as that used by the endpoints. Otherwise, the IP-domain mapping will not match.
- In case of a change in DNS servers, the process WSDNSD must be restarted in order to use the new DNS servers.
- In R80.40, updatable objects are supported in HTTPS and Threat Prevention policies, as well.
Click the '+' button under the Source/Destination column, choose import 'Updatable Objects', and then you can choose the relevant Service (as shown below):
- Issues with importing Updatable Objects in SmartConsole: refer to sk122636.
- Unexpected drops on the Security Gateway while using Updatable Objects: refer to sk121877.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
- Updatable objects are not supported in HTTPS Inspection policy in R80.20.