CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: How to get gateways to resolve external dns

  1. #1
    Join Date
    2017-02-06
    Posts
    14
    Rep Power
    0

    How to get gateways to resolve external dns

    I have such a basic question I am embarrassed, but I have been googling the heck out of it and since I'm not sure how to phrase it I am not getting the answers I need.

    I have an 80.20 cluster. I have workstations behind it. Currently all the workstations go through a proxy server, and that is resolving their DNS requests. Now we are moving away from the proxy and want traffic to go through the firewall. I have made my DNS stack on the PC point to the firewall. I have a rule above the stealth rule allowing DNS traffic from my workstation to the gateways. I see the traffic in the logs and it is being accepted, but how do I tell the gateways to look it up and resolve it? I just keep getting page not found on my PC. I found the DNS setting in the global properties (Accept Domain Name over UDP) but from what I read that is not a good thing to enable, you should use explicit rules to do this. So, I have ....

    Workstation with DNS pointing to Gateway
    Rule allowing my workstation to get to gateway on port 53 (I see the traffic going there and being accepted)
    Rule allowing Gateways to go out to get DNS lookups (I see traffic in the logs of them going out and it is in the DNS settings in the GAIA portal (hosts and Management, DNS))

    But don't know how to tie the two together. My gateways get out but how do I tell them to do my lookup?

    Any help is appreciated.

  2. #2
    Join Date
    2012-07-19
    Posts
    105
    Rep Power
    8

    Re: How to get gateways to resolve external dns

    Quote: Originally Posted by terri8369
    So, I have ....

    Workstation with DNS pointing to Gateway
    Rule allowing my workstation to get to gateway on port 53 (I see the traffic going there and being accepted)
    Rule allowing Gateways to go out to get DNS lookups (I see traffic in the logs of them going out and it is in the DNS settings in the GAIA portal (hosts and Management, DNS))

    But don't know how to tie the two together. My gateways get out but how do I tell them to do my lookup?

    You don't. Your gateways are not DNS resolvers. Either use a local DNS resolver (usually a Windows domain controller acts as DNS) or configure your gateway policy to allow DNS through the firewall to a specific server or to any server. Look at the proxy to see which way it was able to resolve names (/etc/resolv.conf if this is something unixoid). Or try it with a public DNS like 8.8.8.8, 8.8.4.4 or 1.1.1.1.

  3. #3
    Join Date
    2017-02-06
    Posts
    14
    Rep Power
    0

    Re: How to get gateways to resolve external dns

    Quote: Originally Posted by Jejerod
    You don't. Your gateways are not DNS resolvers. Either use a local DNS resolver (usually a Windows domain controller acts as DNS) or configure your gateway policy to allow DNS through the firewall to a specific server or to any server. Look at the proxy to see which way it was able to resolve names (/etc/resolv.conf if this is something unixoid). Or try it with a public DNS like 8.8.8.8, 8.8.4.4 or 1.1.1.1.

    Thank you for the response, I was wondering why I could not find anything no matter how much I googled it. You have saved me a lot of time.

    Thanks again,
    terri
