https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87535#M17624 I'd try: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92835" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92835</A><BR />Note that even with IPS inactive, some of the protections under IPS are actually firewall protections. Mon, 08 Jun 2020 03:05:49 GMT PhoneBoy 2020-06-08T03:05:49Z https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87286#M17528 <P>Hi,</P><P>This is checkpoint clusterXL in load sharing mode and its still on R77.30. We have our NS servers configured behind firewall, however recently we started observing lot of SERVFAIL messages on DNS server and hence started troubleshooting. Eventually when we done fw ctl zdebug drop we found that server when sending Recusrsive queries to Root Hint server the response is getting dropped on Stealth rule.</P><P>Surprisingly why it would drop response from Root Hint servers. Now there are not blades running on firewall but only fw. No IPS/AMW nothing.</P><P>Here are the logs - and a.b.c.d is my Natted Public IP of my DNS server. Rule #47 is a stealth rule</P><P>4Jun2020 15:07:44.407985;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=17 103.204.163.83:48073 -&gt; a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;<BR />4Jun2020 15:07:44.423727;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=17 103.204.163.80:47955 -&gt; a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;<BR />4Jun2020 15:07:44.426534;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=17 103.204.163.66:45982 -&gt; a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;<BR />4Jun2020 15:07:44.450732;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=17 103.204.163.65:42568 -&gt; a.b.c.d:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 47;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 04 Jun 2020 10:04:01 GMT https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87286#M17528 Blason_R 2020-06-04T10:04:01Z https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87535#M17624 I'd try: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92835" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92835</A><BR />Note that even with IPS inactive, some of the protections under IPS are actually firewall protections. Mon, 08 Jun 2020 03:05:49 GMT https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87535#M17624 PhoneBoy 2020-06-08T03:05:49Z https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87786#M17687 <P>Any way we figured that out and that is due to ClusterXL load sharing and wrong switch configuration.</P> Tue, 09 Jun 2020 17:42:40 GMT https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87786#M17687 Blason_R 2020-06-09T17:42:40Z https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87804#M17689 Hi so you are saying it was a wrongly configured switch that was causing the drops? Tue, 09 Jun 2020 22:31:03 GMT https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87804#M17689 kb1 2020-06-09T22:31:03Z https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87821#M17697 <P>Yes this is what there network team told me. Sicne I do not have access to those switches if pretty tough to say what changes they made <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Wed, 10 Jun 2020 03:56:23 GMT https://community.checkpoint.com/t5/General-Topics/DNS-Reverse-traffic-is-getting-dropped/m-p/87821#M17697 Blason_R 2020-06-10T03:56:23Z