Dynamic DNS problem

[SuderMan]

Hello

I'd like to ask about dynamic dns update issue and Checkpoint firewall that is preventing it ... at least I suppose it's Chckpoint's fault.

We use Checkpoint R55 (SecurePlatform) to route traffic between part of vlans in our network (HSZ, DMZ).
When the traffic is going through Checkpoint firewall client machines do not register in Dns forward lookup zone, they're registering in reverse lookup zone only.
I search in logs for a traffic that is blocked but didn't find anything interesting.

For vlans that are not filtered by Checkpoint (DFZ) there is no problem.
Dns Server (Windows 2003) is also in DFZ.

Do You know if something must be set on Checkpoint to let it pass ?

Any idea appreciated.

Thanks.

[kva.kva]

Do you see anything in SmartView Tracker -> SmartDefence query?
Try to uncheck SmartDefence -> Application Intelligence -> DNS -> UDP protocol enforcement

[SuderMan]

Hello !

Yes it's this what causes the problem !!
I have unchecked it and it's ok immediately !

But doesn't it compromise security ?
Why Checkpoint treat it as an attack ?

The other thing is that this option is common for all security policies on one SmartCenter.

Thanks !

[mbutterfield]

NGX R62 adds a new feature that allows you to create "profiles" for SmartDefense, so you can have different levels of protection on different firewall enforcement points.

[SuderMan]

Thanks but We will not move to R62 soon :(