Dynamic Objects IPs and Ports are provided by big tech companies, they can vary daily. Firewall Vendors seem to store these information in their own databases and provide them to the Firewall Managers via Internet.
Checkpoint
Distinguishes between Aplications (used in Service) and Updatable Objects (used in SRC and DST). I can't figure out how to get current ports for Applications or current IPs from Updatable Objects via API. The API call "show-updatable-objects-repository-content" returns "info-url" for each Updatable Object. This URL links to non-standardized documentation pages of the Internet Company. You can see this list online
https://support.checkpoint.com/results/sk/sk131852
Fortinet
Internet Services contain IPs and Ports. They are stored in the Internet Services Database https://www.fortiguard.com/services/isdb
You can get all names and IDs per API (see first payload) and get a full description with IPs and ports for each individual Internet Service (see second payload)
In "network_objects" define new "obj_typ" eg. "dynamic". Objects of this type should be interpreted as "internet objects". That means their IPs are not 0.0.0.0/0 but from a smaller set. This smaller set might be defined as a zone in the compliance matrix
Dynamic Objects IPs and Ports are provided by big tech companies, they can vary daily. Firewall Vendors seem to store these information in their own databases and provide them to the Firewall Managers via Internet.
Checkpoint
Distinguishes between Aplications (used in Service) and Updatable Objects (used in SRC and DST). I can't figure out how to get current ports for Applications or current IPs from Updatable Objects via API. The API call "show-updatable-objects-repository-content" returns "info-url" for each Updatable Object. This URL links to non-standardized documentation pages of the Internet Company. You can see this list online https://support.checkpoint.com/results/sk/sk131852
Fortinet
Internet Services contain IPs and Ports. They are stored in the Internet Services Database https://www.fortiguard.com/services/isdb You can get all names and IDs per API (see first payload) and get a full description with IPs and ports for each individual Internet Service (see second payload)
Possible Solution
In "network_objects" define new "obj_typ" eg. "dynamic". Objects of this type should be interpreted as "internet objects". That means their IPs are not 0.0.0.0/0 but from a smaller set. This smaller set might be defined as a zone in the compliance matrix