Google Cloud Platform and Google G-Suite services publish their IP addresses in Google's SPF records, which can be dynamically updated.
Until R80.20, customers who wanted to restrict access to those Google services based on IP addresses had to maintain a Network Group object containing the relevant IP ranges provided by Google. They had to update this object manually whenever Google updated its ranges, and install policy after every change.
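To show what that manual process had to track, the following added example (not Check Point or Google code) expands an SPF `include:` chain into its `ip4:`/`ip6:` ranges and diffs the result against a hand-maintained group. The record names, ranges and group contents are constructed, and only the `ip4`, `ip6` and `include` mechanisms are handled; a real check would fetch the TXT records from DNS instead of reading `SAMPLE_TXT`.

```python
import ipaddress

# Constructed TXT records (documentation ranges), standing in for live DNS answers.
SAMPLE_TXT = {
    "_spf.example.test": "v=spf1 include:_netblocks1.example.test include:_netblocks2.example.test ~all",
    "_netblocks1.example.test": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/25 ~all",
    # Includes its parent on purpose, to exercise the loop guard below.
    "_netblocks2.example.test": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:4000::/36 include:_spf.example.test ~all",
}

def spf_networks(name, lookup, seen=None):
    """Collect every ip4:/ip6: network reachable from `name` through include: terms."""
    seen = set() if seen is None else seen
    if name in seen:              # include loop: this name was already expanded
        return set()
    seen.add(name)
    record = lookup(name)
    if not record or not record.lower().startswith("v=spf1"):
        return set()
    nets = set()
    for term in record.split()[1:]:
        term = term.lstrip("+")   # "+" is the explicit pass qualifier
        key, _, value = term.partition(":")
        key = key.lower()
        if key in ("ip4", "ip6"):
            nets.add(ipaddress.ip_network(value, strict=False))
        elif key == "include":
            nets |= spf_networks(value.rstrip("."), lookup, seen)
    return nets

def group_drift(group_cidrs, published):
    """Return (missing, stale) by exact range match: what to add to and remove from the group."""
    group = {ipaddress.ip_network(c, strict=False) for c in group_cidrs}
    missing = sorted(published - group, key=str)
    stale = sorted(group - published, key=str)
    return missing, stale

if __name__ == "__main__":
    published = spf_networks("_spf.example.test", SAMPLE_TXT.get)
    # Hypothetical contents of a manually maintained Network Group object.
    manual_group = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
    missing, stale = group_drift(manual_group, published)
    print("add to group:     ", [str(n) for n in missing])
    print("remove from group:", [str(n) for n in stale])
```

In the sample run, the stale `198.51.100.0/24` entry is broader than the published `/25`, so the group would still match addresses the service no longer publishes.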
Check Point Solution for R80.20 and above
- Check Point provides a Network Object that can be imported to SmartConsole as an Updatable Object for Google Cloud Platform and Google G-Suite services.
- Each Google Updatable Object matches a list of IP addresses according to what that Google service publishes.
- On every update in Google's SPF records, these Objects are updated automatically on the gateway (no need to run policy installation).
- When the source or destination IP address matches an object, the action is selected according to the policy.
Click the '+' button under the Source/Destination column, choose import 'Updatable Objects', and then choose the relevant Google Service from the Google Services section.
Below is an example of adding the Google G Suite services updatable object to the Destination column in the Access Policy: