Generic Data Center Objects

From R81, you can enforce access to and from IP addresses defined in files located in external web servers.

To do that, use the Generic Data Center object in SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on.. The Generic Data Center object points to a JSON file in an external server which contains the IP addresses which you want to access. This way, when the Generic Data Center object is used in a policy, SmartConsole can retrieve the IP information from the JSON file as necessary.

You can host the JSON file also locally on the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

This feature is useful in cases where one administrator creates the Rule BaseClosed All rules configured in a given Security Policy. Synonym: Rulebase. and defines the objects, and another administrator manages the content of these objects.

This feature is supported in the Access Control, Threat Prevention, HTTPS InspectionClosed Feature on a Security Gateway that inspects traffic encrypted by the Secure Sockets Layer (SSL) protocol for malware or suspicious patterns. Synonym: SSL Inspection. Acronyms: HTTPSI, HTTPSi., and NAT RuleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. Bases.

The feature is supported only on a Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. R81 and higher, and Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. (ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing.) R81 and higher.

After you create the Generic Data Center object, any change made in the file is automatically enforced on the Security Gateway with no need to install policy.

To create the JSON file, follow the guidelines described in sk167210.

Limitations

  • You can make up to 15,000 changes in a JSON file between two time intervals at which the JSON file is sampled, with a maximum of 30,000 IP addresses.

  • A Security Gateway supports a total of 5,000 objects of these types: Dynamic objects, Updatable objects, Generic Data Center objects, and Network Feed objects.