CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



 


Thread: SmartEvent DNS Query Throttling

  1. #1
    Join Date
    2007-10-31
    Location
    Great Plains - USA
    Posts
    159
    Rep Power
    12

    SmartEvent DNS Query Throttling

    Smart-1 225 Appliance, dedicated for SmartEvent/SmartReporter, R77.20

    In some infrequent situations the SmartEvent device will cause a DoS in our environment. I have Network Quota enabled on our internet-facing gateways. There are times when SmartEvent queries our internal DNS servers for external lookups at a rate that causes the internal DNS servers to exceed the Network Quota threshold, resulting in all external DNS lookups (including those from the user community) being denied for the timeout period.

    I realize I could bump up the Network Quota threshold, or exclude the internal DNS servers from Network Quota altogether. However, we've run for years with current settings and wish to maintain them.

    Is there a way to limit the rate of DNS queries originating from my Smart-1 225 box?

    Kind regards,
    dbrown

  2. #2
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,648
    Rep Power
    9

    Re: SmartEvent DNS Query Throttling

    Yikes... hmm... I don't know of any, but really I think you're best off excluding.

    Is it possible your DNS server isn't caching negative results? I haven't touched DNS in a long time so there is a good chance I just made that up. :D

  3. #3
    Join Date
    2011-08-02
    Location
    http://spikefishsolutions.com
    Posts
    1,648
    Rep Power
    9

    Re: SmartEvent DNS Query Throttling

    Oh, it looks like NGSE does have a caching DNS feature.

    sk106337
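
The effect the replies point at, as an added example that is not part of the original thread: a small simulation of how many lookups the internal DNS server has to forward through the gateway each second, with and without a cache that also holds negative answers. The burst, host names, quota value and TTL are constructed assumptions, not values from this environment or from sk106337.

```python
from collections import Counter

QUOTA = 100  # assumed per-source threshold (lookups/second); the real value is site-specific


def forwarded_per_second(queries, cache_ttl=None):
    """Count lookups the internal DNS server must forward upstream, per second.

    queries:   list of (timestamp_seconds, name) lookups sent by one client.
    cache_ttl: None models a resolver with no cache; a number models one that
               caches every answer, NXDOMAIN included, for that many seconds.
    """
    expires = {}            # name -> time at which its cached answer expires
    per_second = Counter()
    for ts, name in sorted(queries):
        if cache_ttl is not None and expires.get(name, -1) > ts:
            continue        # answered from cache; nothing crosses the gateway
        per_second[int(ts)] += 1
        if cache_ttl is not None:
            expires[name] = ts + cache_ttl
    return per_second


def seconds_over_quota(per_second, quota):
    """Seconds in which forwarded lookups exceed the per-source quota."""
    return sorted(sec for sec, count in per_second.items() if count > quota)


def build_burst():
    # Constructed sample: 3 seconds at 200 lookups/second, only 40 distinct names.
    return [(sec + i / 200, f"host{i % 40}.example.net")
            for sec in range(3) for i in range(200)]


if __name__ == "__main__":
    burst = build_burst()
    for label, ttl in (("no cache", None), ("cache, 300 s TTL", 300)):
        counts = forwarded_per_second(burst, ttl)
        print(f"{label}: forwarded per second {dict(counts)}, "
              f"seconds over quota {seconds_over_quota(counts, QUOTA)}")
```

With repeated names, only the first lookup of each name reaches the gateway, so the DNS server's own source address stays under the quota even though the client's request rate is unchanged.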
